FDA’s bill of materials creates a cybersecurity blind spot for medical devices

The FDA’s cybersecurity bill of materials requires manufacturers to disclose software from other vendors used in medical devices. While this provides more information to IT security staff, it also introduces challenges such as the need for remote updates and potential cyber breaches. CIOs and CISOs should consider new approaches like Zero Trust Networks and hardware root of trust to address these issues. Additionally, vulnerabilities need to be managed differently through threat intelligence and threat hunting.