The Food and Drug Administration (FDA) published a draft update to its premarket cybersecurity guidance for device makers on October 18, 2018. The expanded draft guidance includes recommendations on tiered classification of cybersecurity risk, trustworthiness, cybersecurity bill materials, and device cybersecurity labeling that are specific enough to be helpful to manufacturers while at the same time keeping the guidance sufficiently flexible to comply with an industry filled with advancing devices that pose greater and more complicated cybersecurity risks. Manufacturers of internet-connected medical devices or other medical devices that present a cybersecurity risk should expect increased scrutiny from the FDA regarding their device’s cybersecurity protection and should consider conducting device risk assessments early and throughout the product design lifecycle to meet these recommendations. On January 29-30, 2019, the FDA will hold a meeting to review the draft guidance, and any questions are due by March 8, 2019. To read more about the FDA’s cybersecurity guidance for device-makers, click here.