"New Law Enables FDA to Regulate Medical Device Cybersecurity"

Capterra's 2022 Medical Internet of Things (IoT) Survey found that Internet-connected medical devices are 24 percent more vulnerable to cyberattacks. A new federal law enacted late last year is expected to provide some relief. The Food and Drug Administration (FDA) now has the authority and funding of $5 million to create requirements for pre-market medical device security. The new law requires makers of Internet-connected medical devices to bolster the cybersecurity of their equipment and associated systems. In the near future, all submissions for medical devices will be expected to contain a Software Bill of Materials (SBOM) and evidence that the product can be updated with software patches. Many in the healthcare industry and cybersecurity community applaud the law. However, it only applies to devices awaiting FDA approval that are not yet on the market. It is also unclear when manufacturers must comply with the new requirements. This article continues to discuss the cyber risks posed by medical equipment and the new law that allows the FDA to regulate the cybersecurity of medical devices.

Campus Safety reports "New Law Enables FDA to Regulate Medical Device Cybersecurity"