FDA Tightens Cybersecurity Rules for Digital Health Devices
On March 27, 2025, the U.S. Food and Drug Administration (FDA) finalized a sweeping new set of cybersecurity requirements for connected medical devices. Although technically a continuation of prior guidance, the new rules mark the first time device makers are legally required to build cybersecurity into their design, development, and regulatory approval processes. The move, which became fully enforceable this…