Jennifer Korn reports:
The Food and Drug Administration will now require medical devices meet specific cybersecurity guidelines after years of concerns that a growing number of internet-connected products used by hospitals and healthcare providers could be hit by hacks and ransomware attacks.
Under FDA guidance issued this week, all new medical device applicants must now submit a plan on how to “monitor, identify, and address” cybersecurity issues, as well as create a process that provides “reasonable assurance” that the device in question is protected. Applicants will also need to make security updates and patches available on a regular schedule and in critical situations, and provide the FDA with “a software bill of materials,” including any open-source or other software their devices use.
Read more at CNN.