Omnibus Act Impact on Medical Device Cybersecurity
On Dec 29, President Biden signed into law a $1.7 trillion omnibus spending bill that has significant implications for healthcare as well as for how security for medical devices are regulated and enforced. Manufacturers must now include evidence of security controls and security testing, as well as plans to maintain device’s security posture through updates and patches, all supported by documented evidence, e.g., a software bill of materials for commercial, open-source, and off-the-shelf software components.