Software Bill of Materials required by the FDA will help thwart cybersecurity threats
In the latest directive to mitigate cybersecurity breaches in the health care sector, the FDA has mandated that manufacturers provide software bills of materials (SBOMs) for all medical devices going to market. The new requirement demonstrates the growing importance not only of strengthening cybersecurity in the health care sector but also of the use of SBOMs as a key cyber defense strategy.
The introduction of the new legislation follows in the wake of several cybersecurity incidents within the health care sector. Health care cyber attacks in the U.S. more than doubled from 2016 to 2021, putting medical devices — and patients — at risk and exposing the private health information of nearly 42 million individuals. In such a digital landscape, the integration of cybersecurity best practices such as the use of SBOMs comes as a welcome step forward in the fight against cybercrime.
An SBOM refers to a comprehensive inventory or list of all the software components and dependencies used in a particular software application or system. It provides a detailed breakdown of the software supply chain, including both proprietary and open-source components.
The SBOM captures information such as the names of the software components and libraries, their versions, associated licenses, and any known vulnerabilities or security issues. In this way, it helps health care organizations gain visibility into the software they’re using and identify potential security risks or vulnerabilities associated with the underlying components. The result is a better managed and more secure software supply chain and a stronger cybersecurity infrastructure.
In addition to enhancing supply chain security, SBOMs play a vital role in health care cybersecurity by facilitating vulnerability management, ensuring regulatory compliance, enabling effective incident response, and supporting secure software development practices. They also enhance collaboration and information sharing, which in itself is a best practice that leads to continuous enhancements in security.
As critical as SBOMs are to an organization’s cybersecurity infrastructure, an SBOM on its own doesn’t do anything — it needs to be vigilantly monitored and analyzed in order to detect and respond to any component-level vulnerabilities that arise across the life cycle of the hardware or software device. In this way, supply chain risk management processes are critical to SBOM implementation.
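To show what that monitoring step amounts to in practice, here is an added example (not code from this article, the FDA, or Eracent) that checks each entry of a constructed CycloneDX-style SBOM against a constructed advisory feed and reports the components whose shipped version falls inside an affected range. The component names, versions and advisory identifiers are placeholders, and the version comparison assumes purely numeric dotted version strings.

```python
# Added example: constructed SBOM and advisory data, placeholder IDs (not real CVEs).
from __future__ import annotations
from dataclasses import dataclass


def parse_version(v: str) -> tuple[int, ...]:
    # '1.2.10' -> (1, 2, 10): compare numerically, not as strings ('1.10' > '1.9').
    # Assumes purely numeric dotted versions, which the constructed data uses.
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    component: str
    introduced: str       # first affected version (inclusive)
    fixed: str | None     # first fixed version (exclusive); None means no fix yet

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        if v < parse_version(self.introduced):
            return False
        return self.fixed is None or v < parse_version(self.fixed)


# Constructed CycloneDX-style SBOM for a hypothetical infusion-pump controller.
SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"name": "libtls", "version": "2.8.3", "licenses": [{"license": {"id": "ISC"}}]},
        {"name": "json-parse", "version": "1.4.0", "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "pump-ui", "version": "5.1.2", "licenses": [{"license": {"name": "Proprietary"}}]},
    ],
}

# Constructed advisory feed (OSV-style introduced/fixed ranges, placeholder IDs).
ADVISORIES = [
    Advisory("ADV-EXAMPLE-0001", "libtls", introduced="2.0.0", fixed="2.9.0"),
    Advisory("ADV-EXAMPLE-0002", "json-parse", introduced="1.5.0", fixed=None),
    Advisory("ADV-EXAMPLE-0003", "json-parse", introduced="1.0.0", fixed="1.4.0"),
]


def find_vulnerable(sbom: dict, advisories: list[Advisory]) -> list[tuple[str, str, str]]:
    """Return (component, version, advisory_id) for each SBOM entry an advisory affects."""
    hits = []
    for comp in sbom.get("components", []):
        for adv in advisories:
            if adv.component == comp["name"] and adv.affects(comp["version"]):
                hits.append((comp["name"], comp["version"], adv.advisory_id))
    return sorted(hits)
```

Note that json-parse 1.4.0 is not flagged: it is exactly the fixed version of one advisory and below the introduced version of the other, which is the boundary case a monitoring job must get right to avoid both false alarms and missed findings.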
SBOMs and supply chain risk management processes are just two strategies that can be employed to help health care providers safeguard against cybersecurity threats. Others include:
By implementing SBOMs and the other technologies and approaches above, health care providers can significantly enhance their cybersecurity posture and better protect patient data and critical systems from cyber threats. Even in today’s escalating cybersecurity landscape, the result will be a safer environment for patients, staff, and stakeholders across the medical sector.
About the Author
Walt Szablowski is the Founder and Executive Chairman of Eracent and serves as Chair of Eracent’s subsidiaries (Eracent SP ZOO, Warsaw, Poland; Eracent Private LTD in Bangalore, India, and Eracent Brazil). Eracent helps its customers meet the challenges of managing IT network assets, software licenses, and cybersecurity in today’s complex and evolving IT environments. Dozens of Fortune 500 companies rely on Eracent solutions to manage and protect their networks. To learn more, visit http://www.eracent.com/ztrp.