
Q&A: The facts about the PATCH Act

The PATCH Act, effective from October 1, 2023, establishes stricter cybersecurity requirements for medical devices, requiring manufacturers to implement robust security measures, develop comprehensive monitoring and response plans, and ensure the ability to release timely patches to address vulnerabilities.
Kiays Khalil
Medical Device Network
September 4, 2023

This article originally appeared in Medical Design and Outsourcing News on September 4, 2024.

With the October 1st deadline for the new US Protecting and Transforming Cyber Health Care Act of 2022 (PATCH Act) coming into force, the medical device industry is gearing up to meet all the requirements before making premarket submissions to the US Food and Drug Administration (FDA).

With the FDA potentially refusing to accept submissions that fail to meet the requirements, sponsors and developers of cyber devices must be diligent about how they comply with the Act.

The PATCH Act, which has been in development for several years, defines a framework for a minimum cybersecurity focus within medical devices. On December 29th, 2022, the Act was signed into US law, and from March 29, 2023, a premarket application or submission for a cyber device had to contain all information required by the FDA. In this period, the FDA holds back from issuing refuse-to-accept (RTA) decisions for premarket submissions of cyber devices submitted before October 1st, 2023.

In an exclusive interview with Medical Device Network, former FDA software system safety expert Paul Jones and Ketryx founder Erez Kaminski discuss the concerns surrounding the enforcement of the PATCH Act.

Interview transcript
