Cybersecurity is now officially a component in FDA review

The FDA's March 30th, 2023 announcement that they will begin issuing Refuse to Accept (RTA) letters for device submissions that do not meet their cybersecurity guidance has added pressure for med tech companies to formalize their cybersecurity strategies.

MedCrypt was founded to help healthcare technology companies build products that are secure by design. Our team consists of former medical device engineers, cybersecurity experts, and regulators. MedCrypt's software and services can help you satisfy these new regulatory requirements, and focus on bringing life-changing clinical features to your patients.

Get our expert help today

Get peace of mind

We understand how quickly the security landscape is changing, and how important it is to your business and patients to ensure the maximum probability of regulatory approval. Contact us to learn how we can help with:

  • communications with FDA about your product’s cybersecurity (e.g., RTA, warning letters, pre-submission planning, etc.)
  • security strategies for future submissions
  • tools to help implement the security features the FDA now requires
Contact us today

What does Refuse to Accept mean to me?

The FDA is moving forward with its authority under the new section 524B of the FD&C act.

This means that it is now a requirement for medical device manufacturers to:

  • build your device to be secure by design

  • develop strategies to monitor and maintain the security of that device throughout its lifecycle
  • generate the requisite documentation proving you’ve built a secure device and have a plan to maintain that security

How long do I have to fix these issues?

You need to start working on your remediation plan today to avoid any unexpected delays.

The FDA will issue its final guidance in September. As of October 1, 2023, the FDA will start sending Refuse to Accept responses to any medical device manufacturers who have not submitted the requisite strategy and documentation to show that their device is secure today and that they have a plan to maintain that security throughout the lifecycle of the device.

Contact us today so we can help navigate potential pitfalls to ensure that your FDA submission is complete.

Get peace of mindRequest a demo

We live and breathe healthcare cybersecurity

A medical device may look like just another IoT device, but regulatory constraints and their unique use case require a healthcare-first approach to cybersecurity. MedCrypt's solutions are built specifically for medical devices, which means clinical functionality, patient safety, and care delivery are always the highest priority.