FDA requires medical devices be secured against cyberattacks
Medical devices are increasingly connected to the Internet, hospital networks, and other medical devices to provide features that improve health care and increase the ability of health care providers to treat patients. These same features also increase potential cybersecurity risks. Medical devices, like other computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device.
Under FDAguidance issued this week, all new medical device applicants must now submit a plan on how to “monitor, identify, and address” cybersecurity issues, as well as create a process that provides “reasonable assurance” that the device in question is protected.
Applicants will also need to make security updates and patches available on a regular schedule and in critical situations, and provide the FDA with “a software bill of materials,” including any open-source or other software their devices use.
As part of the new law, the FDA must also update its medical device cybersecurity guidance at least every two years.
Health Ministry to rope in State Governments to establish Medical Devices Testing Laboratories
The Ministry of Health and Family Welfare (MoHFW) is planning to rope in state governments also to establish or designate their existing laboratories as state medical devices testing laboratories and bring in enabling rules to support setting up of more testing laboratories for medical devices across the country as the sector is experiencing major regulatory paradigm shift including the introduction of a licensing regime.
A draft rule has been notified by the Ministry, under which it has proposed to insert a new sub-rule to the Rule 19, that the state government may, by notification, establish state medical devices testing laboratory for the purpose of testing and evaluation of medical devices or to carry out any other functions as may be specifically assigned to it.
The State Government may also designate any laboratory having facility for carrying out and evaluation of medical devices as state medical devices testing laboratory for the purpose, with a condition that the laboratory should be accredited by the National Accreditation Body for Testing and Calibration Laboratories (NABL).
It has also added a definition to the state medical devices testing laboratory, stating that it means a laboratory established or designated by the state government under the Rule 19(3), which is the freshly proposed sub-rule. While the Rule 19 was specifically for Central medical devices testing laboratory, it has been proposed for amendment by omitting the word ‘Centre’, this emphasising that the laboratories could be established either by the Central or the state government. The draft amendment is expected to be taken into consideration in seven days from the date of making the draft available to the public.