Cybeats Technologies Corp. announced a partnership with the Health Information Sharing and Analysis Center. Cybeats and Health-ISAC will go to market with a joint Software Bill of Materials management solution targeting Medical Device Manufacturers (MDMs) and Healthcare Delivery Organizations (HDOs).

The Health-ISAC membership includes over 700 healthcare providers, pharmaceutical companies, and MDMs from around the globe, who are actively committed to defending against cyber threats in healthcare. The partnership will offer 'H-ISAC SBOM Studio' to H-ISAC members and the broader healthcare community, who are facing increasing regulations on cybersecurity and the adoption of SBOM. This partnership creates a significant revenue opportunity for Cybeats in the medical device industry.

SBOM Studio 2 has already been commercially validated in this market, and is being used by four of the top 10 global MDMs. The joint solution between Health-ISAC and Cybeats allows MDMs to upload and share SBOMs and Vulnerability Exploitability eXchange (VEX) security artifacts. Health-ISAC members, including HDOs, will benefit by having one central repository to access vital SBOM and vulnerability information, making the process less complex to address threats as they arise. This is a direct response to FDA's new regulations and guidance, improving risk mitigation efforts, enhancing visibility, and streamlining regulatory remits.

The U.S. Food and Drug Administration's ("FDA") solidified its role in regulating medical device cybersecurity with its authority to approve or reject premarket submissions based on compliance with section 524B of the Federal Food, Drug, and Cosmetic Act ("FD&C Act"). This section mandates that Medical Device. Manufacturers ("MDM") provide a SBOM for their devices' commercial, open-source, and off-the-shelf software components.

To proactively manage cybersecurity risks, MDMs must maintain an accurate inventory of device components, develop vulnerability management and risk assessment processes, provide device patches, and maintain device change records. FDA's Refuse-to-Accept ("RTA") authority as of March 29, 2023, emphasizes the significance of SBOM management solutions like SBOM Studio. On September 26, 2023, FDA released final (revised) premarket cybersecurity guidance, which supersedes premarket cybersecurity guidance issued on October 2, 2014.

The recommendations in FDA guidance are intended to help manufacturers meet their obligations under section 524B of the FD&C Act.