A Tool to Accelerate Meeting FDA Cybersecurity Expectations: Introducing Helm by MedCrypt
June 21, 2023
In the fast-paced and ever-changing landscape of medical technology, staying compliant with regulations is critical. On March 29, 2023, the amendment to the Food, Drug & Cosmetic Act (FD&C), referred to as the “PATCH Act,” went into effect. The next day, the Food and Drug Administration (FDA) issued a new final guidance, revamping its Refuse to Accept (RTA) policy to consider a lack of cybersecurity documentation in the decision to refuse to accept submissions for new or modified medical devices. It was a move that signaled a significant shift in how Medical Device Manufacturers (MDMs) must approach cybersecurity in order to get products through FDA clearance or approval.
The New FDA Cybersecurity Guidelines
The FDA Cybersecurity RTA guidance, issued on March 30th, 2023, requires MDMs to submit to the FDA a robust plan for addressing post-market vulnerabilities, a clear strategy for vulnerability disclosure, and a comprehensive software bill of materials (SBOM). This is in line with section 524B of the FD&C Act, which includes a requirement that a manufacturer shall “submit to the Secretary a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures.” MedCrypt’s Helm software enables a manufacturer to collect SBOMs for all devices in their inventory, including multiple discrete versions of each device, in order to monitor vulnerabilities and possible exploits as they are identified and disclosed.
Although the FDA intends to start refusing to accept submissions on the basis of cybersecurity only on October 1st, 2023, it has already started issuing deficiency letters to MDMs regarding these cybersecurity documents, signaling the urgency and importance of compliance.
Introducing Helm: Your Cybersecurity Ally
Navigating these new regulations can seem daunting. That’s why we developed Helm, MedCrypt’s SBOM and vulnerability management solution, designed explicitly with the MDM use cases in mind. Helm is more than just a tool; it’s a solution meticulously crafted to help MDMs not just meet but exceed the FDA’s cybersecurity guidelines.
Key Features of Helm
Helm and MedCrypt services offer a host of features specifically designed to address the cybersecurity guidelines of the FDA:
Vulnerability management: Helm helps MDMs implement robust plans for addressing post-market vulnerabilities. With its proactive approach, Helm identifies and manages potential risks before they pose significant threats. In the event of a major vulnerability like Log4j or WannaCry, Helm can determine which devices could be impacted within seconds.
Software Bill of Materials (SBOM): Helm supports SBOMs from open source software (OSS), commercial software composition analysis (SCA) tools, and even manually created SBOMs. All SBOMs are organized in an intuitive UI to ensure full transparency about all components used in your medical device software, in compliance with FDA guidelines.
Industry-specific frameworks: MedCrypt has developed a Cybersecurity Quality tool that provides an easy-to-follow template and model implementation of a Secure Product Development Framework (SPDF).
Broad software, firmware, and OS awareness: Helm provides visibility into both open source software (OSS) and commercial third-party software. It supports tracking operating systems (OS), including real-time operating systems (RTOS), ensuring you have a comprehensive view of your software ecosystem.
Compliant SBOM maintenance: With Helm, you can be assured that your SBOMs meet both NTIA minimum requirements and the FDA’s cybersecurity requirements for human- and machine-readable formats.
MDMs have been using Helm over the past few years to stay ahead of their cybersecurity vulnerability management needs and maintain compliance with confidence.
Hear from Our Satisfied Customers
The true measure of success, however, lies in the experience of our customers. In the upcoming months, we’ll share detailed case studies from customers who’ve harnessed the power of Helm to tackle their cybersecurity challenges head-on. You’ll get to hear first-hand accounts of how Helm has helped them remain compliant while also streamlining their processes and enhancing their product security.
Ready for the Future of Cybersecurity in Medical Devices
At the end of the day, our goal is to ensure MDMs are equipped to navigate the rapidly evolving cybersecurity landscape confidently. With Helm, you can stay focused on what matters most — innovating and delivering high-quality medical devices, while we take care of your cybersecurity compliance needs.
Stay tuned for our upcoming customer case studies, and in the meantime, if you’re interested in learning more about how Helm can help your organization meet the FDA’s cybersecurity guidelines, request a demo by emailing firstname.lastname@example.org.