The urgency is building. With the passage of December’s Omnibus Bill, policymakers have signaled that it’s time to get serious about medical device cybersecurity. The Omnibus Bill, which incorporates parts of the Patch Act, gives the Food and Drug Administration (FDA) statutory authority to regulate medical device cybersecurity.
The FDA has long contemplated taking a stronger stance to regulate the cybersecurity of medical devices, as evidenced by documents published by the agency regarding the pre-market submission process as well as the post-market management of medical device cybersecurity.