Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had receive a notice from the Federal Drug Administration (FDA) on “Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act”. There is no listing for this action in the Fall 2022 Unified Agenda.
The new §524B was added to the Food, Drug, and Cosmetic Act by §3305 (pg 1374), Ensuring Cybersecurity of Medical Devices, of the Consolidated Appropriations Act, 2023 (PL 117-328, HR 2617). Subsection 3305(b) amended 21 USC 331(q) making it unlawful for medical device manufacturers to fail to comply with any requirement under §524B(b)(2). That paragraph reads:
‘‘(2) design, develop, and maintain
processes and procedures to provide a reasonable assurance that the device and
related systems are cybersecure, and make available postmarket updates and
patches to the device and related systems to address—
‘‘(A) on a reasonably justified
regular cycle, known unacceptable vulnerabilities; and
‘‘(B) as soon as possible out of cycle, critical vulnerabilities that could cause uncontrolled risks;”
It looks like this notice may be related to that section in
relation to ‘§524B’.
Posts
No comments:
Post a Comment