What is the FDA’s approach to regulating AI-enabled medical devices?

The FDA has proposed a Total Product Lifecycle approach for regulating AI/ML-enabled medical devices. This draft guidance emphasizes ongoing oversight across design, development, deployment, and post-market performance, ensuring safety and effectiveness as algorithms evolve.

Why is cybersecurity a critical issue for AI-enabled medical devices?

AI-enabled medical devices are often connected to healthcare networks, making them vulnerable to cyberattacks. Threats to device integrity, data privacy, and patient safety increase as the Internet of Medical Things (IoMT) expands. Robust cybersecurity protections are essential to reduce risks.

What are the unique cybersecurity risks in the Internet of Medical Things (IoMT)?

The IoMT introduces risks such as unauthorized access, manipulation of device performance, and exploitation of software vulnerabilities. These risks are heightened in devices like AI-enabled insulin pumps, where a breach could have direct consequences for patient health.

How does the FDA recommend addressing cybersecurity in AI/ML medical devices?

The FDA encourages manufacturers to use Secure Product Development Frameworks, implement a Software Bill of Materials (SBOM), and apply risk management strategies throughout the product lifecycle to strengthen cybersecurity and regulatory compliance.

What is an example of cybersecurity challenges in AI-enabled medical devices?

A real-world case study of an AI-enabled insulin pump highlights how vulnerabilities in connectivity and algorithm updates can create cybersecurity risks. These challenges underscore the importance of proactive monitoring, secure coding, and lifecycle-based regulatory compliance.

New Webinar: “AI-Enabled Medical Devices: New FDA Draft Guidance and Cybersecurity Insights”

Wednesday, September 10, 2025

11:00 am – 12:00 pm E.T.

Duration: 60 Minutes

Webinars

Series

Healthcare Regulatory Roundup

Twice each month, PYA experts discuss the latest industry developments as part of our popular Healthcare Regulatory Roundup (HCRR) webinar series. In addition to straightforward explanations of those developments and actionable guidance, attendees will be offered the chance to earn continuing professional education units in selected sessions.

The Food and Drug Administration (FDA) has issued draft guidance to establish a comprehensive regulatory framework for artificial intelligence and machine learning (AI/ML) in medical devices. As AI becomes embedded in connected health technologies, the cybersecurity risks associated with such devices are growing exponentially.

This webinar explores how the FDA’s lifecycle-based approach to AI regulation intersects with cybersecurity for connected medical devices. Principals Barry Mathis and John Cross will provide an overview of the FDA’s draft guidance on AI/ML-enabled medical devices and discuss how cybersecurity risks in the Internet of Medical Things (IoMT) can be addressed.

Attendees will gain knowledge through these learning objectives:

Learn about AI and its use cases, including use in embedded medical devices
Understand the FDA’s Total Product Lifecycle approach to regulating AI/ML-enabled medical devices
Identify cybersecurity risks unique to IoMT devices
Analyze a real-world case study of an AI-enabled insulin pump and its cybersecurity implications
Apply compliance strategies, including Secure Product Development Frameworks and Software Bill of Materials, to meet FDA expectations

This webinar is part of PYA’s twice-monthly Healthcare Regulatory Roundup, a popular series during which PYA experts provide practical insights on the latest industry regulatory developments.

PYA is dedicated to helping healthcare organizations understand regulatory requirements and prepare for and respond to cybersecurity threats.