New FDA Cybersecurity Standards: How Medical Device Startups Can Stay Ahead

Charles Aunger

On Wednesday, the FDA issued new cybersecurity guidance for medical device manufacturers, exercising authority it received in the $1.7 trillion federal omnibus spending bill. The move aims to protect patients, sensitive health information and personal data from cyberattacks, a concern sharpened by recent security incidents affecting established companies such as Insulet and Zoll Medical.

These new regulations affect not only established companies but also medical device startups. As a founder, you need to take critical steps to stay on top of cybersecurity and protect patient data.

Medical device startups face an uphill battle when it comes to cybersecurity. With the FDA’s announcement, it’s more important than ever for these companies to stay ahead of the curve. Under the new requirements, a manufacturer submitting a connected device must provide a plan for monitoring, identifying and addressing cybersecurity vulnerabilities after the device reaches the market, show that it has internal processes and procedures that give reasonable assurance the device is secure and can be patched, and supply a software bill of materials (SBOM).

Here are three tips from Charles Aunger, Health2047 Managing Director of Technology, to help medical device startups with limited resources stay ahead of the game:

  1. Develop a cybersecurity vulnerability management plan: Medical device manufacturers must submit a plan detailing how they will monitor for, identify and address vulnerabilities in their products once the devices are in use, including how researchers and customers can report issues to you (coordinated vulnerability disclosure). Establish a clear strategy for tracking and managing cybersecurity risk across the entire life of each device, from design through decommissioning. Companies like Aunger’s HEAL Security provide consulting and monitoring services to healthcare organizations that need help standing this up.
  2. Implement internal procedures for cybersecurity: As a startup, it can be hard to keep internal documentation current, but it is crucial to establish repeatable processes that cover secure design and development, testing, and a swift response to emerging threats, including how you will build, validate and deliver patches to devices already in the field. Tools like Trello, Asana or Notion can help you streamline that documentation, track progress, and keep everyone on the team informed about cybersecurity measures and updates, but the tool matters less than having a written, followed process that you can show a reviewer.
  3. Prepare a software bill of materials: The new requirements mandate the inclusion of a software bill of materials (SBOM) in FDA submissions. An SBOM is a comprehensive inventory of every software component in a medical device, including open-source libraries, proprietary code, commercial and off-the-shelf third-party software, and their dependencies, each identified by name and version. As a startup, maintain that inventory from the first build, preferably in a machine-readable format such as SPDX or CycloneDX, keep it updated with every release, and use it to check your components against published vulnerabilities so you can demonstrate thorough, living documentation during the regulatory process.
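The three items above fit together: the SBOM is the inventory, and the vulnerability management plan is what you do with it. The Python below is an added illustration, not code from Health2047, HEAL Security or the FDA. It builds a minimal CycloneDX-style SBOM from a constructed component list for a hypothetical device, checks that every entry carries the fields a reviewer will look for, and matches the inventory against a constructed advisory feed to report which shipped components need attention. All component names, versions and advisory identifiers are made up for the example.

```python
import json

# Constructed inventory for a hypothetical device firmware build (not a real product).
COMPONENTS = [
    {"name": "mbedtls", "version": "2.28.1", "type": "library",
     "purl": "pkg:generic/mbedtls@2.28.1"},
    {"name": "freertos-kernel", "version": "10.5.1", "type": "library",
     "purl": "pkg:generic/freertos-kernel@10.5.1"},
    {"name": "lwip", "version": "2.1.3", "type": "library",
     "purl": "pkg:generic/lwip@2.1.3"},
    {"name": "pump-controller", "version": "1.4.0", "type": "firmware",
     "purl": "pkg:generic/example/pump-controller@1.4.0"},
]

# Constructed advisory feed with hypothetical identifiers. A real plan would pull
# from a public source keyed by the same package URLs (e.g. the OSV database).
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "component": "lwip", "fixed_in": "2.1.4", "severity": "high"},
    {"id": "ADV-EXAMPLE-0002", "component": "mbedtls", "fixed_in": "2.28.0", "severity": "medium"},
    {"id": "ADV-EXAMPLE-0003", "component": "openssl", "fixed_in": "3.0.8", "severity": "high"},
]

REQUIRED_FIELDS = ("name", "version", "type", "purl")


def parse_version(v):
    """Turn a dotted numeric version such as '2.28.1' into a comparable tuple."""
    return tuple(int(part) for part in v.split("."))


def build_sbom(device_name, device_version, components):
    """Assemble a minimal CycloneDX 1.4 JSON document describing the device."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "metadata": {
            "component": {"type": "device", "name": device_name, "version": device_version}
        },
        "components": [dict(c) for c in components],
    }


def validate_sbom(sbom):
    """Return a list of problems; an empty list means every component is fully identified."""
    problems = []
    for idx, comp in enumerate(sbom["components"]):
        for field in REQUIRED_FIELDS:
            if not comp.get(field):
                problems.append(f"component {idx} ({comp.get('name', '?')}): missing {field}")
    return problems


def find_affected(sbom, advisories):
    """Cross-reference shipped component versions against the advisory feed.

    A component is affected when its installed version is older than the
    advisory's fixed_in version. Advisories for components the device does not
    ship are ignored, which is exactly why a complete SBOM matters: a missing
    entry silently hides a match.
    """
    by_name = {c["name"]: c for c in sbom["components"]}
    hits = []
    for adv in advisories:
        comp = by_name.get(adv["component"])
        if comp is None:
            continue
        if parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
            hits.append({
                "advisory": adv["id"],
                "component": comp["name"],
                "installed": comp["version"],
                "fixed_in": adv["fixed_in"],
                "severity": adv["severity"],
            })
    return hits


if __name__ == "__main__":
    sbom = build_sbom("example-insulin-pump", "1.4.0", COMPONENTS)
    print(json.dumps(sbom, indent=2))
    for problem in validate_sbom(sbom):
        print("SBOM problem:", problem)
    for hit in find_affected(sbom, ADVISORIES):
        print(f"{hit['severity'].upper()}: {hit['component']} {hit['installed']} "
              f"affected by {hit['advisory']}, fixed in {hit['fixed_in']}")
```

Run as written, the script emits the SBOM JSON and flags only lwip 2.1.3, because mbedtls 2.28.1 is already past the fixed version and openssl is not in the inventory. Re-running this match on every release, and whenever the advisory feed changes, is the concrete, repeatable activity that a vulnerability management plan can describe; the version comparison here assumes purely numeric dotted versions and should be replaced by a proper range check for real feeds.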

The FDA’s new cybersecurity guidance is critical for protecting patients’ health and sensitive information. Medical device startups must prioritize cybersecurity by developing a vulnerability management plan, implementing internal procedures for cybersecurity, and preparing an SBOM. By following these guidelines, startups can build a strong foundation for the long-term security of both their devices and their business.
