• Secure By Design And Default: Compliant Medical Device Development

    The Cybersecurity and Infrastructure Security Agency, National Security Agency, FBI, and international partners issued recommendations for tech manufacturers to ensure product security and, thereby, assist medical device designers and manufacturers in meeting the quality system cybersecurity considerations mandated by the FDA. 

  • FDA’s Grace Period For Medical Device Cybersecurity Is Over. Are You Ready?

    The FDA had established a grace period for all medical device manufacturers to ensure that you are incorporating cybersecurity during the design and validation of cyber devices. The end date of the grace period, and the seminal date in medical device cybersecurity enforcement, is Oct. 1, 2023. Are you prepared?

  • Medical Device QMS Cybersecurity: Threat Modeling

    The FDA considers threat modeling fundamental in your premarket submission and expects you to include system level risks in its creation and deployment. But how do we go about threat modeling for our device? And how do we build the requisite QMS infrastructure and processes? This article shares a four-step strategy.

  • New EU Directive Marks Cybersecurity Regulatory Paradigm Shift For Bio/Pharma & Medical Devices

    The EU's new Directive 2022/2555 on the Security of Network and Information Systems (“NIS2”) mandates cybersecurity risk management measures and reporting requirements for all segments of our industry, including labs; CROs and CDMOs; and manufacturers of APIs, bio/pharmaceuticals, and medical devices.

  • FDA Vs. Congress: The Software Showdown

    September 2022 will be remembered as a seminal turning point in digital health in the U.S. With the FDA’s final guidance on Clinical Decision Support (CDS) software, the FDA disregards a Congressional directive when it enacted the 21st Century Cures Act in 2016. 

  • cGMPs For SaMDs

    Unlike traditional medical devices, software as a medical device (SaMD) can blur the lines between the design and development stages and the production aspect of commercialization. So, what are the activities necessary for medtech manufacturers to be compliant with the traditional cGMP framework?

  • FDA Releases Guidance On Cybersecurity In Medical Devices

    The digital revolution that resulted in the IoT, IoMT, SaMD, and connected devices comes with the possibility of cyberattacks. The FDA's latest efforts to enhance medical device cybersecurity include a new draft guidance (covered in this article) and bipartisan congressional support of the PATCH Act of 2022 (which will be covered in a future article).

  • FDA Releases Guidance On Digital Health Data Acquisition In Clinical Investigations

    Increasingly, digital health technologies are becoming part of the conduct of clinical trials. They cover a broad range of applications, including ingestible and implantable sensors, wearables, electronic signatures on consent forms, and more. This article summarizes the key takeaways of the FDA's new draft guidance, Digital Health Technologies for Remote Data Acquisition in Clinical Investigations. The public comment period ends March 22, 2022.

  • The Clinical Trial Sponsor’s Roadmap To Avoid EMA (Cyber) Perdition

    Clinical trials are one of the sectors most vulnerable to cyberattacks. In the European Medicines Agency (EMA)'s Guideline on computerized systems and electronic data in clinical trials, the EMA goes beyond the traditional software validation and data integrity expectations. It sets requirements and expectations pertaining to user management and ongoing security measures.

  • Digital Health Apps & SaMD: Incorporating Privacy In Design & Development

    Some digital health apps are regulated by the FDA and other regulatory bodies, and some are not. But all software as a medical device (SaMD) and digital health apps have a common expectation: privacy. This article delves into the related regulations and how to go about developing your app or SaMD using the 7 principles of privacy by design.


John Giantsidis

John Giantsidis is the president of CyberActa, Inc., a Boston-based boutique consultancy empowering medical device, digital health, and pharmaceutical companies in their data-driven digital, regulatory, cyber, and privacy endeavors. He is the vice chair of the Florida Bar’s Cybersecurity and Privacy Law Committee and a Cyber Aux with the U.S. Marine Corps. He holds a Bachelor of Science degree from Clark University, a Juris Doctor from the University of New Hampshire, and a Master of Engineering in Cybersecurity Policy and Compliance from George Washington University. He can be reached at