On December 28, 2016, the U.S. Food and Drug Administration (FDA) released final guidance on the management of cybersecurity vulnerabilities for marketed and distributed medical devices. The guidance establishes a risk-based approach for the reporting of medical device cybersecurity vulnerabilities to the FDA.
With its continued focus on cybersecurity, the Hong Kong Securities and Futures Commission (SFC) recently issued a circular to all its licensed corporations (LCs) identifying key areas of concern and suggesting cybersecurity controls.
Hong Kong does not have any overarching cybersecurity legislation, and industry-specific regulatory activity in relation to cybersecurity has been limited to date. The Hong Kong Monetary Authority and the SFC have been the most active regulators on the topic. The SFC’s circular is the most comprehensive statement on cybersecurity by a Hong Kong regulator to date.