Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice from the Food and Drug Administration on “Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act”. This notice was not listed in the Fall 2022 Unified Agenda. It was submitted to OMB on March 22nd, 2023.
As I noted in that earlier post, it appears that this notice is related to a recent amendment of 21 USC 331(q) making it unlawful for medical device manufacturers to fail to comply with any requirement under §524B(b)(2). That paragraph reads:
‘‘(2) design, develop, and maintain
processes and procedures to provide a reasonable assurance that the device and
related systems are cybersecure, and make available postmarket updates and
patches to the device and related systems to address—
‘‘(A) on a reasonably justified
regular cycle, known unacceptable vulnerabilities; and
‘‘(B) as soon as possible out of cycle, critical vulnerabilities that could cause uncontrolled risks;”
We will probably see this notice published in the Federal Register
later this week.
Posts
No comments:
Post a Comment