After years of concern within the industry about internet-connected health products at risk of ransomware attacks, the Food and Drug Administration (FDA) will require certain medical devices to meet specific cybersecurity guidelines. According to new guidance released by the FDA, all new medical device applicants will now be required to map out a plan around how to “monitor, identify, and address” cybersecurity concerns.
Why it matters: This measure is a first of its kind – with internet-connected medical devices used by millions of Americans, it was only a matter of time before cybersecurity became a major concern. The implications of a cyberattack on medical devices could be devastating and lead to the loss of lives depending on the product affected. This is just the most recent
- Medical device applicants must create security patches and updates available regularly and when critical situations arise.
- If devices are compromised, the outcomes could include administering of drug overdoses, inaccurate readings, and ultimately endanger patient health.
- The $1.7 trillion federal omnibus spending bill signed by President Joe Biden in December housed the new law.
