1. You are here:
  2. Homepage
  3. News & Insights Search
  4. Premarket Device Cybersecurity: Health Canada Issues Draft Guidance

rf-fullcolor.png

 

Regulatory News
December 7, 2018
by Ana Mulero

Premarket Device Cybersecurity: Health Canada Issues Draft Guidance

 Health Canada posted a new draft guidance document on Friday to aid medical device manufacturers in complying with premarket cybersecurity requirements.
 
The move comes as more regulators seek to expand on considerations for the cybersecurity of medical devices as the health care sector became a prime target for cyberattacks amid an increasingly connected ecosystem.
 
The US Food and Drug Administration (FDA) issued premarket draft guidance for medical devices containing cyber risks in October. Both the Canadian and US regulators are active participants in the International Medical Device Regulators Forum (IMDRF), which recently agreed to pick up cybersecurity as a new work item.
 
Similar to FDA’s renewed push to extend cybersecurity considerations across the total product lifecycle, Health Canada said it “considers cybersecurity a component of the medical device’s design and lifecycle that can impact safety and effectiveness.” Health Canada stressed that “manufacturers should consider cybersecurity when designing their medical device.”
 
Another shared theme between FDA’s and Health Canada’s new premarket draft guidances involves a policy clarification around cybersecurity being a shared responsibility. “Medical device cybersecurity is a shared responsibility between the manufacturer, regulator, user and network administrator,” Health Canada said.
 
The consultation on Health Canada’s draft guidance will remain open until 5 February 2019 for device manufacturers and other stakeholders to provide feedback on the new policy statements.
 
The requirements outlined in the draft guidance relate to device and package labeling, documentation for seeking premarket approval, marketing history, risk assessments, device-specific quality, safety and effectiveness. The draft guidance also provides recommendations for a four-pronged approach to a “medical device cybersecurity strategy.”
 
The recommended strategy includes a secure device design, device-specific risk management, verification and validation, as well as monitoring and responding to emerging risks. 

Consultation: Pre-market Requirements for Medical Device Cybersecurity
Return to listing
×

Welcome to the new RAPS Digital Experience

We have completed our migration to a new platform and are pleased to introduce the updated site.

What to expect: If you have an existing login, please RESET YOUR PASSWORD before signing in. After you log in for the first time, you will be prompted to confirm your profile preferences, which will be used to personalize content.

We encourage you to explore the new website and visit your updated My RAPS page. If you need assistance, please review our FAQ page.

We welcome your feedback. Please let us know how we can continue to improve your experience.