Regulatory Open Forum

We have a device that is going to be connected to wifi of the hospital and my question is would it be ok for the device to update its software using wifi?
What guidances and regulations should I be looking into? And what about cyber security
And if we update the software from the hospital wifi, would the old version be considered as a silent recall? My thought is this would be a silent recall - just want to confirm it with industry peers.
Thanks!

Hi Lulu

Yes, it's ok to use most any technology that works and is convenient for your users.

Yes, read the cybersecurity guidances. They are very important in a situation like this. Also basic risk management.

No, there is no US concept of silent recall. An ordinary upgrade is not a recall, and if you're doing an actual recall you aren't usually allowed to be silent about it. This guidance may help clarify the difference: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/distinguishing-medical-device-recalls-medical-device-enhancements

We have a device that is going to be connected to wifi of the hospital and my question is would it be ok for the device to update its software using wifi?
What guidances and regulations should I be looking into? And what about cyber security
And if we update the software from the hospital wifi, would the old version be considered as a silent recall? My thought is this would be a silent recall - just want to confirm it with industry peers.
Thanks!

Hi Lulu, What is the reason for the update, what functionality changed, what is the difference between old version and new version, all these will help you understand what kind of action is required. It is a good practice to document the thought process and reference guidance what is the decision in such cases.
when a manufacturer remotely updates or patches the software of a medical device for safety concerns and defects It mandates a recall.
If it is just an enhancement then it is not a device recall, again enhancement definition has to be met according to recall guidance shared by Anne (Distinguishing Medical Device Recalls from Medical Device Enhancement)

Hi Lulu

Yes, it's ok to use most any technology that works and is convenient for your users.

Yes, read the cybersecurity guidances. They are very important in a situation like this. Also basic risk management.

No, there is no US concept of silent recall. An ordinary upgrade is not a recall, and if you're doing an actual recall you aren't usually allowed to be silent about it. This guidance may help clarify the difference: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/distinguishing-medical-device-recalls-medical-device-enhancements

We have a device that is going to be connected to wifi of the hospital and my question is would it be ok for the device to update its software using wifi?
What guidances and regulations should I be looking into? And what about cyber security
And if we update the software from the hospital wifi, would the old version be considered as a silent recall? My thought is this would be a silent recall - just want to confirm it with industry peers.
Thanks!

Hi Lulu

Yes, it's ok to use most any technology that works and is convenient for your users.

Yes, read the cybersecurity guidances. They are very important in a situation like this. Also basic risk management.

No, there is no US concept of silent recall. An ordinary upgrade is not a recall, and if you're doing an actual recall you aren't usually allowed to be silent about it. This guidance may help clarify the difference: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/distinguishing-medical-device-recalls-medical-device-enhancements

------------------------------
Anne LeBlanc
United States

Original Message:
Sent: 30-May-2023 08:22
From: Lulu Zhang
Subject: Software and cyber security for 510(k)

We have a device that is going to be connected to wifi of the hospital and my question is would it be ok for the device to update its software using wifi?
What guidances and regulations should I be looking into? And what about cyber security
And if we update the software from the hospital wifi, would the old version be considered as a silent recall? My thought is this would be a silent recall - just want to confirm it with industry peers.
Thanks!

------------------------------
Lulu Zhang
Regulatory Affairs Manager/ PRRC
Canada
------------------------------

Hi Lulu

Yes, it's ok to use most any technology that works and is convenient for your users.

Yes, read the cybersecurity guidances. They are very important in a situation like this. Also basic risk management.

No, there is no US concept of silent recall. An ordinary upgrade is not a recall, and if you're doing an actual recall you aren't usually allowed to be silent about it. This guidance may help clarify the difference: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/distinguishing-medical-device-recalls-medical-device-enhancements

We have a device that is going to be connected to wifi of the hospital and my question is would it be ok for the device to update its software using wifi?
What guidances and regulations should I be looking into? And what about cyber security
And if we update the software from the hospital wifi, would the old version be considered as a silent recall? My thought is this would be a silent recall - just want to confirm it with industry peers.
Thanks!

Hi Lulu

Yes, it's ok to use most any technology that works and is convenient for your users.

Yes, read the cybersecurity guidances. They are very important in a situation like this. Also basic risk management.

No, there is no US concept of silent recall. An ordinary upgrade is not a recall, and if you're doing an actual recall you aren't usually allowed to be silent about it. This guidance may help clarify the difference: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/distinguishing-medical-device-recalls-medical-device-enhancements

We have a device that is going to be connected to wifi of the hospital and my question is would it be ok for the device to update its software using wifi?
What guidances and regulations should I be looking into? And what about cyber security
And if we update the software from the hospital wifi, would the old version be considered as a silent recall? My thought is this would be a silent recall - just want to confirm it with industry peers.
Thanks!

We have a device that is going to be connected to wifi of the hospital and my question is would it be ok for the device to update its software using wifi?
What guidances and regulations should I be looking into? And what about cyber security
And if we update the software from the hospital wifi, would the old version be considered as a silent recall? My thought is this would be a silent recall - just want to confirm it with industry peers.
Thanks!