Bad news for medical device cybersecurity advocates: The FDA appropriations bill that passed last week failed to require device makers to include cybersecurity safeguards, such as software bills of materials and other ways to identify and thwart threats.

The reauthorization of user-fee agreements passed in the House with overwhelming bipartisan support in June. While the comprehensive package aimed to reauthorize FDA user-fee agreements, target lower costs, support innovation and improve generic drug competition, the legislation was also designed to bolster the regulatory requirements to ensure cybersecurity throughout the medical device lifecycle.

One of the more important elements would have required any manufacturer issuing premarket submissions of a cyber device to include any relevant information that would ensure the device met cybersecurity requirements with reasonable assurance of safety and effectiveness.

A great deal of these elements were drawn from the highly lauded The Protecting and Transforming Cyber Health Care (PATCH) Act introduced in April and a companion bill introduced in the House of Representatives on March 29.

Read the full article on SC Magazine.