April 18, 2021

Volume XI, Number 108


April 16, 2021

Subscribe to Latest Legal News and Analysis

FDA Names First Acting Director of Medical Device Cybersecurity

The U.S. Food and Drug Administration (FDA) named University of Michigan Associate Professor Kevin Fu Acting Director of Medical Device Security in its Center for Devices and Radiological Health. This is a newly created 12-month post in which Fu will “work to bridge the gap between medicine and computer science and help manufacturers protect medical devices from digital security threats.” Fu stated that his primary activities will include

  • Envisioning a strategic roadmap for the future state of medical device cybersecurity.

  • Assessing opportunities to fully integrate cybersecurity principles through the lens of the center’s total product life cycle model.

  • Training and mentoring CDRH staff for premarket and postmarket technical review of medical device cybersecurity.

  • Engaging multiple stakeholders across the medical device and cybersecurity ecosystems.

  • Fostering medtech cybersecurity collaborations across the federal government, including the National Institute of Standards and Technology, National Science Foundation, National Security Agency, Department of Health and Human Services, National Telecommunications and Information Administration, Cybersecurity and Infrastructure Security Agency, Department of Veterans Affairs, Department of Defense, Federal Trade Commission and others.

Fu also noted that “the FDA is working closely with federal partners — HHS and CISA — on sector incident and emergency response. The FDA’s 2021 efforts for the cybersecurity focal point program will further increase the review consistency of premarket submissions.”

The creation of this new post is the latest in the FDA’s ongoing efforts to promote cybersecurity in medical devices. As we previously reported, the FDA has published draft guidance for medical device manufacturers outlining steps that can be taken in the premarket process to better protect medical devices from cybersecurity threats. We expect this focus to continue especially as we see a rise in ransomware attacks and other hacking activity.

The FDA’s increasing focus on cybersecurity is yet another reason relevant employers and medical device manufacturers should continue to assess and address potential data security risks.

Jackson Lewis P.C. © 2021National Law Review, Volume XI, Number 56



About this Author

Michael Bertoncini, Jackson Lewis, labor relations attorney, employment litigation lawyer, NLRB proceedings counsel, arbitration law

Michael R. Bertoncini is a Principal in the Boston, Massachusetts, office of Jackson Lewis P.C. He practices labor and employment law, with a particular emphasis on labor relations, and employment law counseling and litigation.

In labor relations matters, he regularly counsels clients on the practice of positive employee relations, negotiates collective bargaining agreements on behalf of organized clients, represents clients in labor arbitrations and National Labor Relations Board proceedings, and counsels clients with...