FDA Wants Medical Devices to Have Mandatory Built-In Update Mechanisms>
Bleeping Computer – Catalin Cimpanu
The US Food & Drug Administration plans to ask Congress for more funding and regulatory powers to improve its approach towards medical device safety, including on the cybersecurity front. An FDA document released this week reveals several of the FDA’s plans, including the desire to force device makers to include mandatory update systems inside products for the purpose of delivering critical security patches. In addition, the FDA also plans to force device makers to create a document called “Software Bill of Materials” that will be provided for each medical device and will include software-related details for each product. Further, the FDA also wants to “update the premarket guidance on medical device cybersecurity to better protect against moderate risks (such as ransomware campaigns that could disrupt clinical operations and delay patient care) and major risks (such as exploiting a vulnerability that enables a remote, multi-patient, catastrophic attack).” This guidance will most likely be added to the FDA’s existing cybersecurity guidelines and recommendations. Last but not least, the FDA wants to create a new entity called the CyberMed Safety (Expert) Analysis Board (CYMSAB) that will be a public-private partnership.
Link: https://www.bleepingcomputer.com/news/government/fda-wants-medical-devices-to-have-mandatory-built-in-update-mechanisms/