Federal Mandates on Medical-Device Cybersecurity Get Serious

The US FDA has requested medical device makers to submit plans to monitor and patch post-market cybersecurity vulnerabilities, create a process for secure design and development of devices, and provide a software bill of materials. This comes as the FDA’s grace period ends on October 1, allowing it to reject devices that lack necessary cybersecurity controls. The move aims to mitigate mounting cyber threats that could disrupt healthcare delivery and pose a national security concern.