Request a demo

See Cybeats in action. Fill out the form and our team will be in touch with you shortly.
Cybeats recognized in Gartner Innovation Insight for SBOMs Report. Get our Reports

Key SBOM directives from latest FDA cybersecurity guidance for medical devices

In April 2022, the Food and Drug Administration (FDA) and the Center for Devices and Radiological Health (CDRH) jointly published new guidance on how to tackle growing concerns surrounding cybersecurity in medical devices.

With the exponential increase in the number of connected medical devices and the volume of confidential health information they transmit, the need for effective cybersecurity within medical device functionality and safety is more important than ever.

In recent years, cyber threats have risen sharply and the healthcare sector is one of many victims to experience more frequent, severe, and clinically impactful attacks. Cybersecurity incidents can render medical devices and hospital networks inoperable, which can impact the delivery and efficacy of patient care across the healthcare sector worldwide.


What can be done?

In this new guidance, device manufacturers are expected to have control of their software through their source code and backups. But if the use of third-party software components relinquishes any part of this control, a plan needs to be in place for how third-party software components could be updated or replaced.

To this end, the FDA suggest that manufacturers be required to document all of the software components used to build their medical devices, using the suggested format of a software bill of materials (SBOM).

The guidance is not only limited to network-enabled devices or those that contain other connected capabilities, but applies to all medical devices containing software, firmware or programmable logic, as well as software as a medical device (SaMD).

Aimed at improving medical device design, labeling, and a documentation for premarket submissions, these new FDA considerations will first result in a more efficient premarket review processes. In turn, this will ensure marketed medical devices are vastly better secured and more resilient to cybersecurity threats.

Following the FDA’s guidance, organizations can begin to address these concerns with a thoughtful SBOM strategy that provides a single pane of glass, affording high-level visibility into the risk and vulnerabilities within their software supply chain.


How can Cybeats help?

SBOMs are poised to soon become a standard across industries and will likely be mandated by organizations within the public sector, infrastructure, medical/healthcare, energy, finance, and more.

Knowing this, does your organization have full visibility into your software supply chain?  

Do you have a SBOM Strategy that meets the requirements set out in the draft guidance?

Cybeats SBOM Studio can help provide software transparency, validation and certainty for the entire product lifecycle.

The Importance Of Validation In SBOM Generation

March 19, 2024

Tern is an open source software composition analysis and SBOM generation tool that generates SBOMs from container images. However, upon running this tool and generating a CycloneDX SBOM, a problem arose.

Read More →

The Power of SBOMs: Building Resilience in Our Critical Infrastructure

March 4, 2024

As a member of the PCAST Working Group on Cyber-Physical Resilience, I was involved in crafting the recent report outlining crucial steps to fortify the intricate systems that underpin our daily lives. One of our key recommendations, "Recommendation 4B: Promote Supply Chain

Read More →

Revolutionizing Healthcare Security: The Power of the Health-ISAC and Cybeats Partnership in SBOM use

December 15, 2023

Notably, the Health Information Sharing and Analysis Center (Health-ISAC) is entering into a partnership with Cybeats, a leading software supply chain intelligence company, marking a substantial advancement in healthcare cybersecurity.

Read More →

See Cybeats Security
Platform in Action Today.