Key takeaways

• The FDA’s new guidance for medical device manufacturers, “Postmarket Management of Cybersecurity in Medical Devices,” provides specific risk mitigation recommendations and strongly suggests that the FDA will deem the failure to correct a significant cybersecurity vulnerability to be a violation of the Food, Drug & Cosmetic Act.
• This confirms certain key trends in cybersecurity that are relevant to all industries: increased reliance on the NIST Framework; increasing comfort on the part of government in promoting highly specific cybersecurity standards; and a movement toward sector-specific regulation.