FDA Cybersecurity Failure Consequences for Medical Devices
What happens if you fail an FDA cybersecurity inspection: the 483-to-consent-decree enforcement ladder and the commercial fallout for device makers.
Deep dives on FDA expectations, threat modeling, penetration testing, SDLC, and the standards your team is being asked to meet.
How to document update cadence for an FDA 524B submission: the regular cycle and the out-of-cycle expedited path reviewers expect under 524B(b)(2)(B).
FDA Section 524B applies to any new premarket submission for a cyber device, including legacy platforms. What attaches, what postmarket rules cover the rest.
SPDF vs SSDLC for medical devices. Why the FDA's Secure Product Development Framework demands more than a standard Secure SDLC, and what to add.
What medical device cybersecurity actually costs in 2026 - the four cost drivers, fixed-fee vs hourly pricing, premarket vs postmarket budget lines, and the cost of delay.
How SPDF activities map to IEC 62304 software lifecycle processes - the exact crosswalk FDA reviewers expect, where they overlap, and where 62304 falls short.
The threat intelligence sources medical device manufacturers should monitor to satisfy FDA Section 524B postmarket obligations: H-ISAC, CISA KEV, ICS advisories, NVD, MITRE ATT&CK for ICS, and vendor PSIRTs.
A subsection-by-subsection walkthrough of FDA Section 524B for cyber medical devices: what 524B(a), (b)(1), (b)(2), (b)(3), (b)(4), and (c) require, what artifacts satisfy each, and the deficiency patterns reviewers flag most.
How to run CAPA for medical device cybersecurity findings: when a vulnerability or FDA deficiency triggers a CAPA, what evidence closes it, and how the QMSR loop ties to 524B postmarket obligations.
FMEA covers random and systematic failure modes; threat modeling covers adversarial action. Both are required for a 524B submission, and they do not substitute for each other. Here is how to scope them, link them, and avoid the gap.
How HHS 405(d) and the Health Industry Cybersecurity Practices (HICP) Medical Device Security practice maps to FDA Section 524B artifacts, and how manufacturers should align their premarket and postmarket programs to satisfy both reviewers and hospital procurement.
What the FDA's Feb 3, 2026 guidance expects for penetration test recency, version-match, post-change re-testing, and pre-submission remediation, plus when a delta re-test will do and when you need a full one.