The MedTech Security Podcast

This report from The MITRE Corporation outlines critical cybersecurity risk managementstrategies for medical devices utilizing modern, high-tech innovations. It specifically examines the integration of cloud computing, artificial intelligence and machine learning (AI/ML), and post-quantum cryptography (PQC) within the healthcare sector. The text identifies unique threats, such as data poisoning in AI models and quantum computing attacks on traditional encryption, which could jeopardize patient safety. To counter these vulnerabilities, the authors recommend adopting resilient architectures, utilizing Software Bills of Materials (SBOMs), and establishing clear governance frameworks between manufacturers and providers. Ultimately, the document serves as a comprehensive guide for maintaining device security throughout their entire product lifecycle in a rapidly shifting technological landscape.

FDA released an updated compliance manual which includes a separate section on Cybersecurity. During a domestic inspection, investigators evaluate cybersecurity by reviewing whether "cyber devices" conform to the specific statutory requirements established in Section 524B(b)(2) of the FD&C Act. This podcast walks through the impact of this on medical device manufacturers and discusses areas to be aware and prepared for.

The U.S. Food and Drug Administration (FDA) has issued a comprehensive guidance titled “Computer Software Assurance for Production and Quality System Software“ on 23rd September 2025, which presents nonbinding recommendations for validating computers and automated data processing systems used in medical device production or within the quality system. Prepared by the Center for Devices and Radiological Health (CDRH) and the Center for Biologics Evaluation and Research (CBER), this document establishes a risk-based framework for Computer Software Assurance (CSA)—that specifically integrates modern concepts, including cybersecurity requirements, directly into quality assurance activities. Detailed articles can be found here https://aktriva.com/articles/cybersecurity-in-quality-fdas-guidance-on-computer-software-assurance/

This episode analyzes the new FDA pre-market guidance released on June 2025