H-ISAC TLP White Announcement Fall America Summit FDA Town Hall Recap

On December 2nd, the Health-ISAC Fall Americas Summit convened healthcare leaders and regulators to address the evolving medical device cybersecurity landscape. The FDA’s Division Director for Medical Device Cybersecurity and a Policy Analyst provided direct insights into current regulatory priorities. The briefing included revisions to the premarket guidance with an emphasis on the alignment with CFR20, clarified the definition of a cyber device and submission expectations aligned with section 524B obligations.  The FDA also shared common submission deficiencies include inadequate threat modeling, incomplete risk assessments, missing or outdated SBOMs, weak penetration testing, and insufficient security architecture detail The Summit reinforced the FDA’s expectation that manufacturers elevate cybersecurity programs to meet regulatory standards. Healthcare Technology Management leaders are urged to operationalize guidance now; embedding SBOM tracking, enforcing patch timelines, and aligning procurement with secure design principles to transform compliance into resilience and safeguard patient safety.

View the detailed report below.