Suzanne Schwartz, director of the U.S. FDA’s Center for Devices and Radiological Health Office of Strategic Partnerships and Technology Innovation, reveals that the FDA is requesting “additional legislative authorities” designed to improve medical device cybersecurity amid surging cyberattacks.
The agency wants to require medtechs upfront, as part of a premarket submission, to have a Software Bill of Materials (SBOM) and the capability to update and patch device security into a product’s design. In addition, FDA wants new postmarket authority to require that manufacturers adopt policies and procedures for coordinated disclosure of cybersecurity vulnerabilities as they are identified.
Schwartz told MedTech Dive the requirements are in line with FDA’s 2018 Medical Device Safety Action Plan, which laid out the agency’s cyber roadmap for “modern enhancements” to its oversight that would apply throughout the product lifecycle of devices. FDA’s legislative proposal would codify these requirements for device companies.
SBOM, which was included in an executive order signed in May by President Joe Biden to bolster the nation’s cybersecurity posture, is not a current premarket requirement but Schwartz said it’s critical to provide a shared inventory of third-party components in devices.
Read the full article on MedTech Dive.