Content area
FDA cybersecurity requirements The Federal Drug Administration (FDA) has established medical device cybersecurity requirements in “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Guidance for Industry and Food and Drug Administration Staff,” issued on Sept. 27, 2023. Because of concurrent programming errors, the Therac-25 sometimes gave its patients radiation doses that were hundreds of times greater than normal, resulting in the possibility of death or serious injury. (The cellphone app was software, but draining the pump was hardware.) Pump shutdown could cause insulin delivery to be suspended, which could lead to an under-delivery of insulin that might result in hyperglycemia or even diabetic ketoacidosis, which can be a life-threatening condition due to high blood sugars and lack of insulin.