Medical devices are being connected to the internet, hospital networks, and other medical devices to provide features that improve health care and help providers treat patients. However, this connectivity also increases cybersecurity risks. The increase in cybersecurity threats and vulnerabilities has made the Federal government sharpen its focus on medical device cybersecurity.
On Dec. 29, 2022, the U.S. Congress passed into law the Consolidated Appropriations Act, 2023, which added to the Federal Food, Drug, and Cosmetic Act (FD&C Act) Section 524B regarding cybersecurity for medical device submissions. Effective Mar. 29, 2023, medical device manufacturers must meet certain cybersecurity standards; otherwise, beginning Oct. 1, 2023, the U.S. Food and Drug Administration (FDA) may refuse to accept 510(k) premarket submissions that do not meet the standards.
The new cybersecurity provisions are an important step toward ensuring patient safety and cybersecurity in medical devices. Sponsors (manufacturers, developers, or distributors) making premarket submissions for cyber devices must be aware of these requirements and take necessary steps to comply with them to ensure their devices are cybersecure and that medical device submissions to the FDA are not refused. The recent changes also make the failure to comply with such requirements a prohibited act under the FD&C Act Section 524B, which could lead to future enforcement actions.
Download the white paper to learn more about FD&C 524B requirements and:
- Why cybersecurity matters for medical devices
- Cybersecurity risks for medical devices
- 9 Steps to meet FD&C 524B requirements
Contributors to this white paper:
- Brian Rankin, Information Security Consultant, USDM Life Sciences
- Roger Davy, VP of Consulting, USDM Life Sciences
Download the white paper now to learn more > > >