Medical device makers have had to comply with new cybersecurity regulations for the past six months. These regulations have been developed to protect medical devices against cyber attacks, but the US Food and Drug Administration has refrained from using its power to not accept a medical device, until now.
On October 1, the FDA will begin rejecting devices that do not have a post=market patching capability and other appropriate cybersecurity controls. The agency’s focus on cybersecurity of medical devices stems from the passage of an omnibus appropriations act by Congress in December 2022. The act included a section on ensuring the cybersecurity of medical devices. The powers granted tot he FDA went into effect in March. Medical device manufacturers have been slow to change in 2022, The FDA has allocated $5 million of its budget to medical device cybersecurity to change that.
Read More: Federal Mandates on Medical-Device Cybersecurity Get Serious