As Prescribed

YOUR GO-TO SOURCE FOR ANALYSIS OF ISSUES AFFECTING THE PHARMA & BIOTECH SECTORS

DOJ

From Vulnerability to Violation: FDA Cybersecurity Requirements for Medical Devices and FCA Enforcement

In June 2025, the US Food and Drug Administration (FDA) issued a final guidance titled Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions (2025 Cybersecurity Guidance). This guidance updates the 2023 guidance of the same title with the agency’s interpretation of and compliance recommendations for new requirements for “cyber devices” under Section 524B of the Federal Food, Drug, and Cosmetic Act (FFDCA). These new statutory cybersecurity requirements, enacted in December 2022 as part of the Food and Drug Omnibus Reform Act (FDORA), are starting to take centerstage as the medical device sector begins to address new enforcement risks for cybersecurity deficiencies under more traditional fraud and abuse laws, such as the False Claims Act (FCA).

EDITOR

Maarika L. Kimbrell

Partner

Washington, DC

EXPLORE TOPICS

WANT TO RECEIVE NOTIFICATIONS?

ACCOLADES

Ranked, Life Sciences, Nationwide, Chambers USA (2021)
Ranked, Healthcare: Pharmaceutical/Medical Device, District of Columbia, Chambers USA (2021)
Recommended, Healthcare: Life Sciences, The Legal 500 US (2021)

WHO WE FOLLOW

INFORMATION

About Us & Contributors