The US publishes medical IoT cybersecurity regulations

The US has implemented regulations for medical IoT cybersecurity in the 2023 Federal spending bill. Manufacturers must comply with new requirements such as submitting cybersecurity monitoring plans, ensuring device security, providing a software bill of materials, and addressing vulnerabilities in existing devices not submitted for pre-market approval.

The 2023 Federal spending bill includes cybersecurity requirements for IoT medical devices. According to the law, manufacturers of medical IoT devices will be obligated to (1) submit a plan on how to monitor post-market cybersecurity vulnerabilities that includes a coordinated vulnerability disclosure; (2) design and maintain processes and procedures to assure that the device and its related systems are secure, and provide updates and patches on a regular basis and, in critical events, outside of regular cycles; and (3) provide a software bill of materials, including commercial, open-source, and off-the-shelf software components. The legislation also allows the FDA to take action against existing devices that were not submitted for pre-market approval if they are found to be insecure.