FDA Finalizes Guidance for Postmarket Cybersecurity in Medical Devices

​Nearly a year after it first issued draft guidance on the topic, the U.S. Food and Drug Administration (FDA) has published final guidance calling medical device cybersecurity "a shared responsibility among stakeholders including health care facilities, patients, providers, and manufacturers." The document, which focuses on manufacturers' responsibilities, emphasizes the need to monitor for vulnerabilities and make "timely" updates to correct them. In addition, it calls for manufacturers to establish a "robust" software life cycle that includes monitoring for the effect of third-party software vulnerabilities.