The Consolidated Appropriations Act of 2023 covered a lot of budget terrain for the U.S. federal government, but Section 3305 was unusual for this type of bill in that it called on the FDA to require cybersecurity features as a part of the Quality System Regulation (QSR).
The Biden administration recently announced an extension of the comment period for a request for information on harmonization of cybersecurity regulation, a proposal that could conflict with FDA regulation of medical device cybersecurity.
Public companies registered with the U.S. SEC will soon have to disclose material cybersecurity incidents and annually report material information regarding their cybersecurity risk management, strategy and governance.
The U.S. FDA has released a final guidance for the agency’s refuse-to-accept (RTA) policy for cybersecurity measures in medical devices, a policy document that was required by Congress via the Consolidated Appropriations Act for the 2023 federal fiscal budget.
The Medical Device Innovation Consortium (MDIC) has played a key role in fostering a stronger industrial appreciation for the need for robust cybersecurity, but a recent MDIC report noted that many device makers are deficient in pushing cybersecurity considerations into the domain of design controls. However, the most critical element in cybersecurity may be whether a company has a chief product security officer (CPSO), the presence or absence of which seems to correlate strongly and uniformly with all aspects of cybersecurity in a manufacturer’s products.
Cybersecurity has become one of the core concerns for med tech in this part of the 21st century, and a collaboration between the FDA and the Mitre Corp. has yielded a new playbook that calls for a regional response to issues such as ransomware. However, this new document calls on medical device manufacturers to take part in cybersecurity exercises along with health care delivery organizations, an exercise that some manufacturers might not be prepared to undertake.
The U.S. Department of Health and Human Services (HHS) has issued a bulletin in connection with the Venus ransomware, the latest in a running series of such malware to hit computer systems across the globe.
Israeli technology startup foundry Team8 Labs Ltd. has established a new digital health arm aimed at building and scaling digital health companies. The company plans to create six to eight digital health care companies over the next five years, infusing each with $5 million to $10 million in seed money plus additional resources and services.
The U.S. FBI is not typically seen as playing a meaningful role in medical device cybersecurity, but the agency recently released a report regarding unpatched and outdated medical devices, nonetheless. The report includes five recommendations to deal with these devices, but the agency gives no indication as to whether the report signals an interest in enforcement activities related to medical device cybersecurity.