The Consolidated Appropriations Act of 2023 (Omnibus) amended the Federal Food, Drug, and Cosmetic Act to require medical device manufacturers to address cybersecurity. As of March 29, 2023, they must provide cybersecurity details in premarket submissions. The Omnibus mandates plans for postmarket cybersecurity vulnerabilities, device cybersecurity demonstrations, and software bill of materials (SBOM) disclosures. Starting October 1, 2023, the FDA will reject submissions not meeting cybersecurity criteria, emphasizing proactive cybersecurity measures.
Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024
Cisco ASA devices were targeted by hackers using two zero-days to install backdoors. Also, an attack using Ivanti zero-day vulnerabilities resulted in a breach at