• Medical Device QMS Cybersecurity: Threat Modeling

    The FDA considers threat modeling fundamental in your premarket submission and expects you to include system level risks in its creation and deployment. But how do we go about threat modeling for our device? And how do we build the requisite QMS infrastructure and processes? This article shares a four-step strategy.

  • New EU Directive Marks Cybersecurity Regulatory Paradigm Shift For Bio/Pharma & Medical Devices

    The EU's new Directive 2022/2555 on the Security of Network and Information Systems (“NIS2”) mandates cybersecurity risk management measures and reporting requirements for all segments of our industry, including labs; CROs and CDMOs; and manufacturers of APIs, bio/pharmaceuticals, and medical devices.

  • FDA Vs. Congress: The Software Showdown

    September 2022 will be remembered as a seminal turning point in digital health in the U.S. With the FDA’s final guidance on Clinical Decision Support (CDS) software, the FDA disregards a Congressional directive when it enacted the 21st Century Cures Act in 2016. 

  • cGMPs For SaMDs

    Unlike traditional medical devices, software as a medical device (SaMD) can blur the lines between the design and development stages and the production aspect of commercialization. So, what are the activities necessary for medtech manufacturers to be compliant with the traditional cGMP framework?

  • FDA Releases Guidance On Cybersecurity In Medical Devices

    The digital revolution that resulted in the IoT, IoMT, SaMD, and connected devices comes with the possibility of cyberattacks. The FDA's latest efforts to enhance medical device cybersecurity include a new draft guidance (covered in this article) and bipartisan congressional support of the PATCH Act of 2022 (which will be covered in a future article).

  • FDA Releases Guidance On Digital Health Data Acquisition In Clinical Investigations

    Increasingly, digital health technologies are becoming part of the conduct of clinical trials. They cover a broad range of applications, including ingestible and implantable sensors, wearables, electronic signatures on consent forms, and more. This article summarizes the key takeaways of the FDA's new draft guidance, Digital Health Technologies for Remote Data Acquisition in Clinical Investigations. The public comment period ends March 22, 2022.

  • The Clinical Trial Sponsor’s Roadmap To Avoid EMA (Cyber) Perdition

    Clinical trials are one of the sectors most vulnerable to cyberattacks. In the European Medicines Agency (EMA)'s Guideline on computerized systems and electronic data in clinical trials set to come into effect in 2022, the EMA goes beyond the traditional software validation and data integrity expectations. It sets requirements and expectations pertaining to user management and ongoing security measures.

  • Digital Health Apps & SaMD: Incorporating Privacy In Design & Development

    Some digital health apps are regulated by the FDA and other regulatory bodies, and some are not. But all software as a medical device (SaMD) and digital health apps have a common expectation: privacy. This article delves into the related regulations and how to go about developing your app or SaMD using the 7 principles of privacy by design.

  • CMS Takes Aim At Medical Device Cybersecurity – How To Ensure Continuous Medicare/Medicaid Coverage

    In its June 2021 report, the U.S. Office of Inspector General declared that Medicare lacks consistent oversight of cybersecurity for networked medical devices in hospitals. The Centers for Medicare & Medicaid Services (CMS) is now considering additional ways to highlight the importance of medical device cybersecurity, in conjunction with the FDA and the Office for Civil Rights.

  • Are You Ready For The FDA’s “Data Effect” Tsunami? 8 Steps To Prepare

    The FDA is moving forward with its Data Modernization Action Plan, the next leg of the Technology Modernization Action Plan. As such, you'll need to prepare yourself for the influx of questions, audits, observations, warning letters, and more. Here's what you can do to position yourself for success.


John Giantsidis

John Giantsidis is the president of CyberActa, Inc, a boutique consultancy empowering medical device, digital health, and pharmaceutical companies in their cybersecurity, privacy, data integrity, risk, SaMD regulatory compliance, and commercialization endeavors. He is also a member of the Florida Bar’s Committee on Technology and a Cyber Aux with the U.S. Marine Corps. He holds a Bachelor of Science degree from Clark University, a Juris Doctor from the University of New Hampshire, and a Master of Engineering in Cybersecurity Policy and Compliance from The George Washington University. He can be reached at