The new guidelines issued March 30 by the US Food and Drug Administration (FDA) will require medical device developers to submit a plan on how to “monitor, identify, and address” cybersecurity issues.
They will also be expected to create a process that provides “reasonable assurance” that the device being developed is protected.
The new measures will also require applicants to make security updates and patches available on a regular schedule and in critical situations, and provide the FDA with “a software bill of materials,” including any open-source or other software their devices use, according to a report by CNN.
According to CNN, the new rules come after years of concern about the vulnerability of digital medical devices to cyber attacks.
A report released last year by the FBI, for example, noted that 53 percent of digital medical devices and other internet-connected products in hospitals had known critical vulnerabilities.
The growing popularity of health-monitoring electronics has led to an increase in the regulatory landscape surrounding them.
In a recent interview with CET&D, Brendan O'Leary, deputy director of the FDA’s digital health center of excellence, confirmed this expansion in medical wearables.
O'Leary said: “There’s growth both in wearables and in software as a medical device (SaMD). There's growth in augmented and virtual reality-enabled medical devices and artificial intelligence (AI) and machine learning-enabled medical devices. There's a lot of exciting technologies hitting the med tech sector right now.”