Heightened Cybersecurity Requirements for Medical Devices Passed Into Law

Congress passed an appropriations bill that contains significant new cybersecurity requirements for medical device companies.  The  Omnibus Appropriations Bill, which was signed into law on December 29, 2022, contains provisions amending the Federal Food, Drug, and Cosmetic Act to further mandate the implementation of cybersecurity controls for certain internet connected medical devices. Specifically, any ‘device’ (as the term is broadly defined under 21 U.S.C.S. 321(h)) must comply with the new requirements if the device: (1) includes software which is validated, installed, or authorized by the sponsor; (2) has the ability to connect to the internet; and (3) contains any technological characteristics that could be vulnerable to cybersecurity threats.

The new rules go into effect 90 days after the passage of the Bill (or March 22, 2023)

Source: https://www.jdsupra.com/legalnews/heightened-cybersecurity-requirements-5386637/