According to the FDA, this final guidance "recognizes today's reality" that "cybersecurity threats are real, ever-present and continuously changing." It applies to all medical devices, including those already out on the market such as those manufactured by St. Jude Medical. The agency is currently investigating St. Jude's products after an investment firm and a cybersecurity company claimed that they lack even the most basic form of cybersecurity.

The FDA promises to adjust its guidance or even issue a new one if needed, since cyberthreats can evolve and hackers can become even more capable: