Routine updates and patches

Medical device
Cybersecurity routine updates and patches are

"updates or patches to a device to increase device security and/or remediate vulnerabilities associated with controlled risk and not to reduce a risk to health or correct a violation of the FD&C Act. They include any regularly scheduled security updates or patches to a device, including upgrades to the software, firmware, programmable logic, hardware, or security of a device to increase device security as well as updates or patches to address vulnerabilities associated with controlled risk performed earlier than their regularly scheduled deployment cycle even if they are distributed to multiple units."

Overview
"Cybersecurity routine updates and patches are generally considered to be a type of device enhancement that may be applied to vulnerabilities associated with controlled risk and is not considered a repair. Cybersecurity routine updates and patches may also include changes to product labeling, including the instructions for use, to strengthen cybersecurity through increased end-user education and use of best practices."