UL 2900-2-1, the UL Standard for Safety, Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare and Wellness Systems, was published and adopted as an ANSI standard in September 2017.
The UL 2900-2-1 standard says it “applies to the testing of network connected components of healthcare systems,” including these:
- Medical devices
- Accessories to medical devices
- Medical device data systems
- In vitro diagnostic devices
- Health information technology
- Wellness devices
UL 2900-2-1 was officially recognized by the FDA in June 2018. Relevant FDA guidance includes:
- Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (October 2014)
- Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (draft from October 2018, will supersede the October 2014 edition once finalized)
- Postmarket Management of Cybersecurity in Medical Devices (December 2016)