Part 1 of 3: Adapting to New Cybersecurity Requirements for Medical Cyber Devices (+Free Webinar Sign-up) 

New laws introduced in the last few months are having a huge impact on how medical device manufacturers build their products, undertake risk management and prepare premarket submissions. 

On March 29th, 2023, a new section within the Consolidated Appropriations Act (Omnibus) came into law. This new section means that all medical cyber devices must now meet certain security standards. All those building medical “cyber devices” are now required to take the following actions when preparing premarket submissions:

• Postmarket Monitoring: Submit a plan to monitor, identify, and address postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures;
• Device Updates: Design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure, and make available postmarket updates and patches to the device and related systems to address: on a reasonably justified regular cycle, known unacceptable vulnerabilities; and, as soon as possible out of cycle, critical vulnerabilities that could cause uncontrolled risks;
• SBOM: Provide a software bill of materials (SBOM);
• Regulatory Compliance: Ensure compliance with other requirements that the FDA may require through regulation to demonstrate reasonable assurance that the device and related systems are cybersecure.


Cybersecurity – A Growing Concern That Has Taken Center Stage 


Cybersecurity has become a huge concern within the healthcare sector, with a number of high-profile cyberattacks and data breaches taking place in recent years. Despite this, experts have always suggested that cybersecurity wouldn’t become a high priority until the FDA makes it so. With these security requirements, along with new authority being granted to the FDA to enforce cybersecurity measures, it appears that cybersecurity is finally taking center stage.

Now it’s up to medical device manufacturers to respond, and to do so immediately. The new laws have already come into effect. The onus is now on manufacturers to ensure that they understand the new regulations and adapt to the change as quickly as possible.

Register for Our Free Webinar Today


On Monday, October 30, 2023, at 11AM EDT, Nova Leah, together with Bluebridge Technologies, will be hosting a free webinar titled:

‘Navigating FDA’s New Cyber Device Paradigm – Cybersecurity And Compliance, Sharing Industry Best Practices’

The FREE webinar will include:

• 3 industry experts delving into the intricacies of compliance and cybersecurity in the medical device industry.
• Best practices for designing, developing, and maintaining cybersecure medical devices in an all-new medical cyber device regulatory environment.
• A run-through of the essentials of the new FDA cyber device criteria and their impact on your software/system development procedures and maintenance lifecycle.
• Expert Q&A.

Our experts will also journey through the product development and risk management lifecycle, where you can learn about premarket and postmarket cybersecurity risk management, including threat modeling; creating, updating, and monitoring a software bill of materials (SBOM); vulnerability assessments; effective coordinated vulnerability disclosure strategies; and developing practices to avoid the new gotcha elements within the regulation.

You can register for the free webinar using the button below. We hope to see you there.

Learn more about the speakers and the event here.