What's new in MedTech cyber
Short, dated updates on FDA enforcement, EU MDR/MDCG guidance, standards revisions, and notable vulnerabilities.
Subscribe via RSS-
FDAUpdated · 3d ago
Mid-2026 field notes: what's tripping up 524B submissions right now
Five months into the Feb 3, 2026 guidance, a clear pattern of deficiencies has emerged around SBOM depth, VEX handling, and AI/ML threat modeling. Here's what reviewers are flagging most this quarter.
Read update -
StandardsUpdated · 13d ago
HHS 405(d) HICP 2026 refresh: what changes for MedTech manufacturers
The Health Industry Cybersecurity Practices (HICP) 2026 refresh from HHS 405(d) tightens the manufacturer-facing sections, especially around SBOM disclosure to HDOs and coordinated vulnerability handling.
Read update -
FDAUpdated · 1mo ago
PCCPs and cybersecurity: what changes when your AI model updates itself
FDA's Predetermined Change Control Plans let AI/ML devices ship updates without a new submission - but the cyber risk surface moves with every retrain. Here's how to scope a PCCP that doesn't quietly invalidate your 524B package.
Read update -
EU MDRUpdated · 3mo ago
MDCG 2019-16 Rev.2 lands - Notified Body audits are catching up
The latest revision to MDCG 2019-16 tightens expectations around SBOMs, post-market vulnerability handling, and traceability between security risk controls and design outputs. Here's the FDA-to-CE gap, condensed.
Read update -
FDAUpdated · 5mo ago
FDA issues updated premarket cybersecurity guidance (Feb 3, 2026)
The FDA's Feb 3, 2026 revision to 'Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions' is now the current final guidance. Here's what changed versus the 2023 edition and what to update in your submission templates.
Read update -
FDAUpdated · 5mo ago
QMSR replaces 21 CFR 820 - what changes for cybersecurity
FDA's Quality Management System Regulation harmonizes Part 820 with ISO 13485. Cyber design controls and CAPA expectations carry over with subtle scoping changes.
Read update -
FDAUpdated · 9mo ago
Two years of Section 524B: what FDA reviewers are pushing back on
Patterns from recent deficiency letters: weak SBOM hygiene, missing VEX statements, and CVD policies that exist on paper but have no real intake.
Read update -
EU MDRUpdated · 11mo ago
MDCG 2019-16 Rev.2 expectations carry into Notified Body audits
European Notified Bodies are now expecting evidence of IEC 81001-5-1 alignment, not just MDCG 2019-16 narrative.
Read update -
SiteUpdated · 1y ago
MedTechCyberTips.com is live
Nine deeply organized topics, a guided journey, and a glossary covering every acronym in FDA cyber guidance.
Read update