<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>MedTech Cyber Tips - Updates</title>
    <link>https://medtechcybertips.com/updates</link>
    <atom:link href="https://medtechcybertips.com/rss.xml" rel="self" type="application/rss+xml" />
    <description>FDA, EU MDR, and standards updates affecting medical device cybersecurity.</description>
    <language>en-us</language>
    <lastBuildDate>Sat, 11 Jul 2026 00:52:44 GMT</lastBuildDate>
    <item>
      <title>Mid-2026 field notes: what&apos;s tripping up 524B submissions right now</title>
      <link>https://medtechcybertips.com/updates/mid-2026-deficiency-patterns</link>
      <guid>https://medtechcybertips.com/updates/mid-2026-deficiency-patterns</guid>
      <pubDate>Wed, 08 Jul 2026 00:00:00 GMT</pubDate>
      <category>FDA</category>
      <description>Five months into the Feb 3, 2026 guidance, a clear pattern of deficiencies has emerged around SBOM depth, VEX handling, and AI/ML threat modeling. Here&apos;s what reviewers are flagging most this quarter.</description>
    </item>
    <item>
      <title>HHS 405(d) HICP 2026 refresh: what changes for MedTech manufacturers</title>
      <link>https://medtechcybertips.com/updates/hhs-405d-hicp-2026-refresh</link>
      <guid>https://medtechcybertips.com/updates/hhs-405d-hicp-2026-refresh</guid>
      <pubDate>Sun, 28 Jun 2026 00:00:00 GMT</pubDate>
      <category>Standards</category>
      <description>The Health Industry Cybersecurity Practices (HICP) 2026 refresh from HHS 405(d) tightens the manufacturer-facing sections, especially around SBOM disclosure to HDOs and coordinated vulnerability handling.</description>
    </item>
    <item>
      <title>PCCPs and cybersecurity: what changes when your AI model updates itself</title>
      <link>https://medtechcybertips.com/updates/pccp-cyber-intersection-2026</link>
      <guid>https://medtechcybertips.com/updates/pccp-cyber-intersection-2026</guid>
      <pubDate>Wed, 10 Jun 2026 00:00:00 GMT</pubDate>
      <category>FDA</category>
      <description>FDA&apos;s Predetermined Change Control Plans let AI/ML devices ship updates without a new submission - but the cyber risk surface moves with every retrain. Here&apos;s how to scope a PCCP that doesn&apos;t quietly invalidate your 524B package.</description>
    </item>
    <item>
      <title>MDCG 2019-16 Rev.2 lands - Notified Body audits are catching up</title>
      <link>https://medtechcybertips.com/updates/mdcg-2019-16-rev2</link>
      <guid>https://medtechcybertips.com/updates/mdcg-2019-16-rev2</guid>
      <pubDate>Sat, 18 Apr 2026 00:00:00 GMT</pubDate>
      <category>EU MDR</category>
      <description>The latest revision to MDCG 2019-16 tightens expectations around SBOMs, post-market vulnerability handling, and traceability between security risk controls and design outputs. Here&apos;s the FDA-to-CE gap, condensed.</description>
    </item>
    <item>
      <title>FDA issues updated premarket cybersecurity guidance (Feb 3, 2026)</title>
      <link>https://medtechcybertips.com/updates/fda-premarket-cyber-guidance-feb-2026</link>
      <guid>https://medtechcybertips.com/updates/fda-premarket-cyber-guidance-feb-2026</guid>
      <pubDate>Tue, 03 Feb 2026 00:00:00 GMT</pubDate>
      <category>FDA</category>
      <description>The FDA&apos;s Feb 3, 2026 revision to &apos;Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions&apos; is now the current final guidance. Here&apos;s what changed versus the 2023 edition and what to update in your submission templates.</description>
    </item>
    <item>
      <title>QMSR replaces 21 CFR 820 - what changes for cybersecurity</title>
      <link>https://medtechcybertips.com/updates/qmsr-takes-effect</link>
      <guid>https://medtechcybertips.com/updates/qmsr-takes-effect</guid>
      <pubDate>Mon, 02 Feb 2026 00:00:00 GMT</pubDate>
      <category>FDA</category>
      <description>FDA&apos;s Quality Management System Regulation harmonizes Part 820 with ISO 13485. Cyber design controls and CAPA expectations carry over with subtle scoping changes.</description>
    </item>
    <item>
      <title>Two years of Section 524B: what FDA reviewers are pushing back on</title>
      <link>https://medtechcybertips.com/updates/524b-two-year-checkin</link>
      <guid>https://medtechcybertips.com/updates/524b-two-year-checkin</guid>
      <pubDate>Wed, 15 Oct 2025 00:00:00 GMT</pubDate>
      <category>FDA</category>
      <description>Patterns from recent deficiency letters: weak SBOM hygiene, missing VEX statements, and CVD policies that exist on paper but have no real intake.</description>
    </item>
    <item>
      <title>MDCG 2019-16 Rev.2 expectations carry into Notified Body audits</title>
      <link>https://medtechcybertips.com/updates/eu-mdr-cyber-annex-update</link>
      <guid>https://medtechcybertips.com/updates/eu-mdr-cyber-annex-update</guid>
      <pubDate>Wed, 20 Aug 2025 00:00:00 GMT</pubDate>
      <category>EU MDR</category>
      <description>European Notified Bodies are now expecting evidence of IEC 81001-5-1 alignment, not just MDCG 2019-16 narrative.</description>
    </item>
    <item>
      <title>MedTechCyberTips.com is live</title>
      <link>https://medtechcybertips.com/updates/site-launch</link>
      <guid>https://medtechcybertips.com/updates/site-launch</guid>
      <pubDate>Sun, 01 Jun 2025 00:00:00 GMT</pubDate>
      <category>Site</category>
      <description>Nine deeply organized topics, a guided journey, and a glossary covering every acronym in FDA cyber guidance.</description>
    </item>
  </channel>
</rss>
