The House on June 8 voted to approve a bill that would require the Food and Drug Administration (FDA), among other tasks, to ensure cybersecurity throughout the lifecycle of medical devices and make sure that device makers meet minimum cybersecurity requirements set by the agency.
The Food and Drug Amendments of 2022 (H.R. 7667) is sponsored by Rep. Anna Eshoo, D-Calif., and passed the House with strong bipartisan support by a vote of 392-28. The legislation would modify requirements related to the overall supply chain for drugs and devices, including improving cybersecurity at the manufacturing level.
To improve the cybersecurity of medical devices throughout the lifecycle, the bill would establish minimum requirements that manufacturers of medical devices will have to meet, including:
- Establishing a plan to monitor, identify, and address cybersecurity vulnerabilities and exploits;
- Designing, developing, and maintaining processes and procedures to ensure devices and related systems are secure, and making available updates and patches to the device throughout the lifecycle; and
- Providing labeling of medical device software bill of materials, including commercial, open-source, and off-the-shelf software components.
“With a bipartisan vote today, the House passed my legislation to allow the FDA to collect user fees to fulfill its vital mission of ensuring the safety, efficacy, and quality of America’s drugs and medical devices,” said Rep. Eshoo last week.
In addition to improving cybersecurity of medical devices, H.R. 7667 would reauthorize FDA user fee programs for certain drugs and devices and establishes clinical trial diversity requirements.
The legislation would reauthorize the FDA user fee programs for prescription drugs, medical devices, generic drugs, and biosimilars through fiscal year 2027.