The Learning Portal will be under maintenance Saturday, 8 August between 6 AM and 6 PM EST. Portal functionality will be unavailable during this window.
We apologize for any inconvenience caused during this time.

RAPS is closely monitoring developments in the Coronavirus (COVID-19) outbreak. See our public safety page for the latest updates.

 
  • Regulatory NewsRegulatory News

    VA Works With UL to Ensure Cyber Safety of Connected Devices

    The US Department of Veteran Affairs (VA) recently completed a two-year Cooperative Research and Development Agreement (CRADA) for medical device cybersecurity with UL, a science safety organization that has cybersecurity standards and conformity assessment programs.   Between 2016 and 2018, the VA used the UL 2900 Series of Standards as a benchmark to identify critical cybersecurity vulnerabilities in connected medical device deployment and lifecycle management, as we...
  • Regulatory NewsRegulatory News

    2020 Guidance: CDRH Offers a Look at What’s Coming

    FDA’s Center for Devices and Radiological Health (CDRH) on Friday released its FY 2020 draft and final guidance list, which features a few repeats from last year and new drafts coming on device servicing and remanufacturing, unique device identification and patient-reported outcome measures used in device submissions, among others. As in years past, CDRH divides the list between “A-list” draft and final guidances, which are a priority, and a smaller “B-list” of draft an...
  • Regulatory NewsRegulatory News

    IMDRF Offers New Guidance on Cybersecurity

    In its first guidance document to deal exclusively with the cybersecurity of medical devices, the International Medical Device Regulators Forum (IMDRF) this week released new general principles and best practices to facilitate better international regulatory convergence on the topic. The 45-page guidance document, developed by a working group led by officials from the US Food and Drug Administration (FDA) and Health Canada, includes both pre-market and post-market cyber...
  • Regulatory NewsRegulatory News

    CDRH Committee Discusses Challenges in Communicating Cybersecurity Concerns

    The US Food and Drug and Administration’s (FDA) Center for Devices and Radiological Health (CDRH) on Tuesday convened its Patient Engagement Advisory Committee (PEAC) to discuss the difficulties and challenges in communicating cybersecurity safety risks and threats. Since 2013, CDRH has released safety communication related to eight device cybersecurity concerns, although the center notes that issues are customarily disclosed when there is a software update to fix an is...
  • Regulatory NewsRegulatory News

    EU MedTech Industry Signals Need for Harmonized Approach to Cybersecurity

    EU’s medical technology trade association on Wednesday issued new recommendations to ensure a harmonized approach on medical devices and digital health technology cybersecurity. The European Coordination Committee of the Radiological, Electromedical and Healthcare IT Industry (COCIR) developed a set of seven recommendations to EU authorities to help guide a harmonization strategy for cybersecurity in line with security requirements set via new or forthcoming legislative...
  • Regulatory NewsRegulatory News

    AdvaMed Responds to Senator’s Call to Advance Cybersecurity

    Responding to a letter from Sen. Mark Warner (D-VA) that called for a collaborative effort to advance cybersecurity in health care, medical device industry group AdvaMed sought to ease concerns about the impact of cyber attacks with updates on industry and regulators’ moves in line with its five principles. The industry trade association’s board of directors adopted the set of five medical device cybersecurity principles in 2017 to drive best practices across its member...
  • Regulatory NewsRegulatory News

    FDA, DHS Alert to Cybersecurity Flaws Affecting Medtronic Cardiac Devices, Programmers, Monitors

    Hundreds of thousands of units of Medtronic implantable cardiac devices, programmers and home monitors are vulnerable to cybersecurity incidents, according to two US federal government notices. On Thursday, the US Food and Drug Administration (FDA) issued an FDA safety communication, while the US Department of Homeland Security's (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory to flag cybersecurity vulnerabilities detected in...
  • Regulatory NewsRegulatory News

    DITTA Pinpoints Cybersecurity Best Practices Amid IMDRF Work

    The industry group that set forth the new work item for a globally harmonized approach to medical device cybersecurity, which is currently under development, released a new white paper that provides an overview of best cybersecurity practices in medical technology manufacturing. The new white paper is intended to increase a manufacturer’s level of cybersecurity sophistication in manufacturing and engineering processes by following seven principles. These include segment...
  • Regulatory NewsRegulatory News

    FDA-tasked Mitre Forges Ahead with Cyber Vulnerability Scoring System Tailored to Devices

    Under a US Food and Drug Administration (FDA) contract, a new rubric developed by the Mitre Corporation is the first-of-its-kind to be specifically tailored to medical devices, and is set to take the form of a medical device development tool (MDDT) to ensure consistency in scoring cybersecurity risks. The common vulnerability scoring system (CVSS) open standard for assessing software vulnerability severity has seen widespread use on an international scale since its 2005...
  • Regulatory NewsRegulatory News

    Cybersecurity: FDA, Industry Groups Welcome Joint Plan

    The Healthcare and Public Health Sector Coordinating Council (HSCC) released a new medical device and health IT joint security plan (JSP) Monday to serve as a reference guide for strengthened cybersecurity. Industry-driven public-private partnership HSCC developed the new JSP in response to 2017 recommendations from the Health Care Industry Cybersecurity Task Force. It specifically addresses the second imperative identified by the task force—increase the security and re...
  • Regulatory NewsRegulatory News

    TGA Pushes for Total Product Lifecycle Approach to Medical Device Cybersecurity

    New draft guidance from Australia’s Therapeutic Goods Administration (TGA) encouraged use of regulatory policies that span total product lifecycles (TPLC) to ensure medical device cybersecurity. A “growing area of interest” for TGA relates to “a large number” of class II, class III and active implantable devices registered in Australia that contain “electronic components with embedded software, have a software accessory or are a software device,” the regulator noted in ...
  • Regulatory NewsRegulatory News

    Premarket Device Cybersecurity: Health Canada Issues Draft Guidance

     Health Canada posted a new draft guidance document on Friday to aid medical device manufacturers in complying with premarket cybersecurity requirements.   The move comes as more regulators seek to expand on considerations for the cybersecurity of medical devices as the health care sector became a prime target for cyberattacks amid an increasingly connected ecosystem.   The US Food and Drug Administration (FDA) issued premarket draft guidance for medical devices ...