STAT+: Medical device companies now need to prove to FDA they’re protected against cyber attacks
Hidden in this year’s federal spending bill, among major changes to Medicare payments to doctors and post-pandemic Medicaid, lies a little-noticed change with big implications: a mandate to protect medical devices connected to the internet from hacks or ransomware attacks.
The law, which goes into effect Wednesday, explicitly states that companies cannot sell their connected medical devices without first showing the Food and Drug Administration a solid cybersecurity plan. It also gives the FDA $5 million to see a higher security standard through. Historically, the agency has lacked the resources to keep up with rapidly-evolving security threats, or the authority to force device makers to comply with its draft guidelines.
Continue to STAT+ to read the full story…
