FDA’s Digital Transformation and the regulation of Medical Device Cybersecurity?
I read the recent FDA post that discussed the FDA’s Digital Transformation:
“Today, the U.S. Food and Drug Administration announced the reorganization of the agency’s information technology (IT), data management and cybersecurity functions into the new Office of Digital Transformation (ODT).”
Then I was reading an email from a news service that provides information and news targeting those that work in industries regulated by the US FDA. The email stated, “The new office’s cybersecurity function will be especially relevant to devices, given increasing concerns about the vulnerability of some devices to online hacking.”
IMO this could be a bit confusing and misleading to imply that the FDA Digital Transformation Cybersecurity Function will be especially relevant to devices.
IMO from my first read of the original FDA Digital Transformation post I do not believe that the activity included in Digital Transformation has a focus on medical device cybersecurity or the regulation of medical device cybersecurity.
This entire Office of Digital Transformation is about computers networks and data resources owned and operated by the agency, aka FDA IT and has minimal connections with regulated products.
I did ask a colleague at the FDA about this and heard back the following: “Digital Transformation is primarily Information Technology. It’s not related to medical device security regulation directly. Of course, DT helps with basic administrative operations indirectly.”
Medical Device Regulatory Information is available on the Digital Health Center of Excellence website. It is my understanding that the Digital Health Center of Excellence is part of CDRH while the Office of Digital Transformation is now part of the Office of Commissioner.
Medical Device Cybersecurity Guidance can be accessed on the FDA’s Digital Health Center of Excellence webpage https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity#guidance
See our recent post on cybersecurity: Cybersecurity Perspective – Physical OTS Components in Medical Devices