Center for Devices and Radiological Health

St. Jude cybersecurity vulnerabilities spark medical device hacking debate

Monday, January 16, 2017

A recent cybersecurity scandal involving St. Jude’s Merlin@home device sparked a renewed discussion within the medical device industry about the best way to address security flaws discovered by independent security experts, sometimes called “white hat” hackers. As medical devices become increasingly vulnerable to cyber attack, the industry has broadly accepted its new responsibility of continuously protecting approved devices from potential security breaches.

[Read More]

Regulatory Update, June 2016

Wednesday, June 1, 2016

FDA Proposed Rule on Administrative Actions for IRB Noncompliance

In the April 4, 2016, Federal Register, the FDA proposed amending the regulations describing lesser administrative actions that may be imposed on an Institutional Re­view Board (IRB) that has failed to comply with applicable IRB regulations. The FDA is taking this action to ensure clarity and ac­curacy of the regulations. The FDA is pro­posing to amend language in 21 CFR 56.120 (b) that describes lesser administrative ac­tions the FDA may impose on an IRB until the IRB takes appropriate action to correct noncompliance identified during an FDA inspection of the IRB. This revision would state that the FDA has authority to require the IRB withhold approval of new FDA-regulated studies conducted at the institu­tion or reviewed by the IRB, to direct the IRB that no new subjects may be enrolled in ongoing studies and to terminate ongoing studies, provided that doing so would not endanger study subjects. Disqualification of the IRB would be used only if the non­compliance adversely affects the validity of the data or the rights or safety of the human subjects and lesser actions (e.g., warnings or rejection of data from individual clinical in­vestigations) have not been or probably will not be adequate in achieving compliance.

[Read More]