Ready or Not, Here Comes Medical Device Cybersecurity Legislation

New legislation in the US gives the FDA the power to confirm that medical devices meet specific cybersecurity standards before they are approved for market use. The law, part of a $1.7tn appropriations bill signed by President Biden, requires manufacturers to maintain adequate post-market surveillance from a cybersecurity perspective. It covers both device hardware design and software. The legislation responds to studies cited in recent reports suggesting over half of connected medical devices in hospitals had known critical vulnerabilities.