chevron-down Created with Sketch Beta.
January 27, 2023

FDA to Set Cybersecurity Standards for Medical Devices

Section 3305 of the Consolidated Appropriations Act, 2023, which became law on December 29, 2022, provides long-awaited authority to the FDA to establish cybersecurity standards for premarket submissions for medical devices.  The FDA will also work with the Cybersecurity Infrastructure and Security Agency to review and update its guidance document from 2014 on cybersecurity in medical devices, incorporating feedback from appropriate stakeholders, including healthcare providers, as appropriate.  There have been an alarming number of cyberattacks in the healthcare industry in recent years, due in no small part to the increasing number of medical devices (e.g., heart rate monitors, imaging machines, automated drug delivery devices) that are connected to healthcare providers’ electronic health records systems and other network systems. This new FDA authority is not a cure-all, but it will help to bring the healthcare industry one step closer to better cybersecurity and patient safety.


The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.