FDA Tightens Its Medical Device Cybersecurity Guidance for Manufacturers

The Food and Drug Administration issued updated cybersecurity guidance for medical devices, setting stricter requirements that many existing systems — and the software that runs them — cannot meet without significant redesign. The FDA’s updated guidance, enacted through the omnibus appropriations legislation known as Section 524B, marks a major shift in how device security is regulated. The new framework requires manufacturers to implement security throughout the product lifecycle, including documenting software components, managing vulnerabilities and maintaining secure development processes…