The FDA has struggled to revise a guidance related to cybersecurity in medical devices, but developers now have more than just lagging FDA guidances to worry about where cybersecurity is concerned. The U.S. Department of Justice (DoJ) has unveiled a program designed to leverage the False Claims Act to pursue entities that come up short of regulatory expectations for cybersecurity, constituting a new vector for liability for makers of devices and medical software.