Key Ways to Prepare For Revamped Medical Device Security Requirements

The Consolidated Appropriations Act of 2023 (Omnibus) amended the Federal Food, Drug, and Cosmetic Act to require medical device manufacturers to address cybersecurity. As of March 29, 2023, they must provide cybersecurity details in premarket submissions. The Omnibus mandates plans for postmarket cybersecurity vulnerabilities, device cybersecurity demonstrations, and software bill of materials (SBOM) disclosures. Starting October 1, 2023, the FDA will reject submissions not meeting cybersecurity criteria, emphasizing proactive cybersecurity measures.