The Food & Drug Administration (FDA) has released new cybersecurity guidelines for the medical devices industry in the US. The guidelines will require medical device manufacturers to provide more documentation to demonstrate how their devices are protected from cyber intrusion, and how they plan to respond to any vulnerabilities.
The FDA’s new regulations are part of a broader federal push to improve critical infrastructure defenses against cyberattacks. The FDA is expected to review the rules every two years and update its online resources annually to reflect the latest information on detecting and addressing vulnerabilities. The new cybersecurity guidelines will only apply to new applications from March 29th, 2023, onwards.