Medical Device 524B
Mitigate the risk of security incidents and strengthen medical device cybersecurity by complying with section 524B of the FD&C Act.
Adhere to Landmark Legislation: F&C Act Section 524(b)
Submit medical devices to the FDA with confidence.
It’s the law. Be prepared to submit comprehensive cybersecurity evidence to the FDA, including:
- Update and patching capabilities
- Security controls and testing
- SBOMs for software components
The FDA will now automatically reject medical device premarket submissions that don’t include specific cybersecurity details required by the agency as spelled out under the new law. We’ll help you prepare a comprehensive submission packet, designed for approval.
Medical Device 542b
Meet medical device 542b cybersecurity requirements in confidence.
Prepare for the massive shift in the FDA’s now explicit authority and oversight of medical devices.
Enhanced security for FDA’s high-risk device types
Follow existing FDA premarket cybersecurity guidance and adhere to the new expectations, so there are no issues passing regulatory examination.
Align with amplified levels of inspection performed by FDA to ensure compliance with the guidance to meet medical device 542b cybersecurity requirements.
Collaborate with the FDA for submissions before October 1, 2023. After that date, the FDA may use “refuse to accept” (RTA) for cyber devices that no not meet the new requirements.
What is a Cyber Device?
The new cybersecurity requirements apply to medical device manufacturers submitting premarket submissions for products that meet the definition of a “cyber device” under Section 524B(c).
A cyber device is defined as a device that:
- includes software validated, installed, or authorized by the sponsor as a device or in a device;
- can connect to the Internet;
- contains technological characteristics validated, installed, or authorized by the sponsor that could be vulnerable to cybersecurity threats.
Align with medical device 542b requirements.
Under Section 524B(b), manufacturers submitting premarket applications for cyber devices must, by law:
Submit a plan to monitor, identify, and address post-market cybersecurity vulnerabilities and exploits.
Design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure.
Make available post-market updates and patches to the device and related systems to address known unacceptable vulnerabilities and critical vulnerabilities that could cause uncontrolled risks.
Cybersecurity Solutions Beyond Medical Device 524B
When you partner with Level Nine, you’ll have the confidence in your medical device cybersecurity program to focus more on your mission.
Improve your operational technology and industrial control systems’ (OT/ICS) security, and comply with critical infrastructure regulations.
Protect data in transit and at rest while securing your cloud infrastructure from vulnerabilities with enhanced cloud security.
Defend against digital warfare and supply chain attacks with end-to-end critical infrastructure cybersecurity solutions.