The US publishes medical IoT cybersecurity regulations

The 2023 Federal spending bill includes cybersecurity requirements for IoT medical devices. According to the law, manufacturers of medical IoT devices will be obligated to (1) submit a plan on how to monitor post-market cybersecurity vulnerabilities that includes a coordinated vulnerability disclosure; (2) design and maintain processes and procedures to assure that the device and its related systems are secure, and provide updates and patches on a regular base and in critical events outside of regular cycles (3) provide a software bill of materials, including commercial, open-source, and off-the-shelf software components. The legislation also allows the FDA to take action against existing devices that were not submitted
for pre-market approval if they are found to be insecure.