This blog post contains a copy of the questions and comments we’ve submitted to the FDA regarding their latest Medical Device Cyber Security Pre-Market Guidance draft (Link Here). In our previous blog post, we provided an overview of the draft. We believe that overall the new guidance is an excellent step in the right direction and hope to help improve upon it by issuing these questions. Check back in the future as we hope to provide updates when or if we hear back from the FDA.
To: CyberMed@fda.hhs.gov
Cc: Suzanne Schwartz, Office of the Center Director
The following are questions and comments being submitted in response to the “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” document currently in circulation, published October 2018. Please don’t hesitate to contact me for any clarifications or follow up questions. Questions and Comments
The actions proposed in this document are very encouraging for improving overall patient safety, and the ability for providers to manage their devices in a more secure manner. If these questions or comments can be clarified in any way, please don’t hesitate to contact me. Mike Pinch |

Mike Pinch
Mike joined Security Risk Advisors in 2018 after serving 6 years as the Chief Information Security Officer at the University of Rochester Medical Center. Mike is nationally recognized as a leader in the field of cybersecurity, has spoken at conferences including HITRUST, H-ISAC, RSS, and has contributed to national standards for health care and public health sector cybersecurity frameworks.
Mike has built and operated enterprise public cloud environments for over a decade, with primary focus on AWS and Azure environments. He frequently advises clients in helping to adapt their cybersecurity programs to the new challenges that cloud adoption creates.
Mike focuses on security architecture and strategy, Zero Trust design, cloud security, emerging technologies, and electronic medical record protection programs.