HealthcareCISO

Dive Brief:

FDA is seeking “additional legislative authorities” meant to bolster medical device cybersecurity amid growing ransomware and other cyberattacks on healthcare organizations, according to Suzanne Schwartz, director of CDRH’s Office of Strategic Partnerships and Technology Innovation.

The agency wants to require medtechs upfront, as part of a premarket submission, to have a Software Bill of Materials (SBOM) and the capability to update and patch device security into a product’s design. In addition, FDA wants new postmarket authority to require that manufacturers adopt policies and procedures for coordinated disclosure of cybersecurity vulnerabilities as they are identified.

Schwartz told MedTech Dive the requirements are in line with FDA’s 2018 Medical Device Safety Action Plan, which laid out the agency’s cyber roadmap for “modern enhancements” to its...