FDA says sharing device manuals with ISOs does not create cybersecurity concerns

September 01, 2021

While acknowledging that the FDA is continuing to seek stakeholder input on this topic and will evaluate this input, the FDA plainly stated its thinking with regard to opponents of the exemption:

“FDA therefore does not share the view that an exemption from liability under 17 U.S.C. §1201 for circumvention conducted solely for purpose of diagnosis, maintenance, or repair of medical devices would necessarily and materially jeopardize the safety and effectiveness of medical devices in the United States with respect to cybersecurity…”(emphasis supplied).

Training and education based on your needs

Stay up to date with the latest training to fix, troubleshoot, and maintain your critical care devices. GE HealthCare offers multiple training formats to empower teams and expand knowledge, saving you time and money

Though it is not known what the final impact of the FDA’s supportive letter to the Copyright Office will be, Stephen Grimes of Strategic Healthcare Technology Associations, a knowledgeable industry observer and co-author of the AAMI Medical Device Cybersecurity Guide, saw the FDA letter and its implications as quite impactful.

Robert J. Kerwin

“Once again, the FDA has demonstrated a willingness to look past unfounded claims of quality and cybersecurity risks being strongly voiced by parties who may possess other motives," Grimes said.

It will be very interesting in the coming months to learn of the final determination of the petition. What is also quite interesting is the FDA seems to be readily acknowledging that device servicing entities may be well positioned to help identify and address security vulnerabilities. Stay tuned.

About the author: Robert J. Kerwin is general counsel for IAMERS, the International Association of Medical Equipment Remarketers and Servicers.

Back to HCB News


(2) (8) Tim Martin Like the article September 03, 2021 11:03 Good article. Log inor Register to rate and post a comment (28) (1) Wayne Webster It's abut time September 07, 2021 02:32 Glad to see that regulatory bodies can step away from the many claims made by manufacturers and address the issues straight on. We don't know where it will all end but, there seems to be a possibility for a rational outcome. Log inor Register to rate and post a comment (1) Peter Pohli Still a missing link remains. October 05, 2021 10:39 The Triennial Rulemaking Proceeding appear to be a hopeful step in the right direction, but I continue to be baffled by the silence in the laboratory instrument service arena. There is clear headway being made in the right-to-repair movement of consumer, automotive, and agricultural products, spearheaded by the efforts of repair.org and other similar organizations. In the medical instrument field, IAMERS is doing a similar good work for the benefit of patients, consumers, and ISOs. Caught in the void between the two, is the laboratory service industry. While laboratory instrument service and repair stretches its reach a little into both the other categories, there are many manufacturers who feel they are exempt from either of these two categories and blatantly snub their noses at ISOs, right to repair legislation, and anything else that doesn't maximize their bottom line, no matter how unethical it may be. For example, one manufacturer of cryostats used to sell their service manual for about $4000 per manual per model. (Already outrageous.) When my company finally decided we needed to buy one, we were told that "the FDA no longer allows the sale of the service manual." (A bald-faced lie, at best.) Many other companies don't even try to hide behind a lie and will simply tell you that they only allow their in-house technicians to service their instruments. My search continues for an organization who actively represents this gap. It would seem that government agencies should embrace supporting ISOs for laboratory instrument servicing, since so many of them are also victims of this abuse by scrupulous manufacturers. Everything from colleges and universities to OSHA and environmental testing labs all end up overpaying for service when OEMs refuse to support ISOs. If anyone is aware of such an organization, I would love to know about it! Log inor Register to rate and post a comment
You Must Be Logged In To Post A Comment Sign In If you've already created an account, use your email address and password to sign in using the form below. Login Problems: Click here if you are having login issues. Email address: Password: Forgot your password? Login Problems? View our Legal Notice and Privacy Notice Register Registration is Free and Easy. Enjoy the benefits of The World's Leading New & Used Medical Equipment Marketplace. Register Now!