Medical device manufacturers and healthcare delivery organisations managing connected clinical devices — infusion pumps, imaging systems, patient monitors — face the challenge that most deployed medical devices run legacy operating systems without patch support and cannot host endpoint agents, requiring network-layer Zero Trust controls to compensate for device-level security limitations. FDA cybersecurity guidance under the Consolidated Appropriations Act 2023 now requires device manufacturers to submit cybersecurity plans with 510(k) and PMA applications, treating network isolation and authenticated update delivery as product safety requirements.
Related: MedTech · Healthcare · Hospitals · Zero Trust for OT · HIPAA