FDA issued a direct to final guidance on Cybersecurity for devices containing off-the-shelf (OTS) software and used on intranets or the internet. It is in question and answer format and states basic FDA expectations for the device manufacturer.
The FAQ at the link provided was subsequently issued to explain the purpose of this guidance to Healthcare Organizations.