SlideShare a Scribd company logo

Cybersecurity in medical devices

Download as ODP, PDF
S
SafisSolutions

A short slide show presentation on Cybersecurity in the Medical Device industry and the changes made by the FDA to the post market management.

Healthcare
1 of 15
Cybersecurity in Medical Devices Post Market Management Safis Solutions
The Problem • More and more Medical Devices are being designed to be networked with other patient care systems Ø Networked devices include software that may be vulnerable to cybersecurity threats • Safety and Effectiveness Impact • Risk to Public Health Ø
The Impact • Compromised Device Functionality • Loss of Data Availability or Integrity Ø Medical Ø Personal • Exposure of other connected devices or networks to security threats Ø All of the above may lead to potential patient illness, injury, or death
Scope • Software containing Medical Devices • Software that is a Medical Device Note: Guidance Not Applicable to Experimental or Investigational Devices
The Solution - FDA’s Expectation • Holistic Ø Includes the entire Product Lifecycle of the device – from conception to obsolescence • Not just a point-in-time intervention Ø Continual monitoring, including post market Ø E.g. Monitoring vulnerabilities inadvertently introduced during patch releases • Device Manufacturers responsible Ø Proactive, not reactive, posture expected from manufacturers Ø Active, voluntary participation in an ISAO ISAO: Information Sharing Analysis Organizations, per Executive Order # 13691, released 13th Feb 2015
FDA’s Guidance • Cybersecurity for Networked Medical Devices containing OTS Software Ø Jan 14, 2005 • Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Ø Oct 2, 2014 • Post Market Management of Cybersecurity in Medical Devices (Draft) Ø Jan 22, 2016 Purchasing Post market monitoring Design
Key Themes • Collaboration • ISAO Participation • Shared Responsibility Ø Cognate terms for collaboration and sharing occur 24 times in the document • Proactive approach • Risk based approach • Essential Clinical Performance Ø This term occurs 58 times in the document Ø Idea borrowed from IEC 60601-1, but ‘clinical’ added in this document You approach your cybersecurity program with this… …to preserve this.
Collaboration – Key Communities Healthcare Delivery Organizations (HDOs) Clinical User Community Medical Device Community IT Community ISAO
Collaboration – product view User IT System Integrator Health IT Developers IT Vendors Manufacturer ISAO
Collaboration • Advantages Ø Sharing of established resources • Standards; Guidelines; Best practices; Frameworks Ø Consistent threat assessment & mitigation • Outputs Ø Develop a Cybersecurity Risk Management Culture Ø Establish a Common Understanding • Goal Ø Device safety is preserved Ø Device effectiveness is not compromised
Comprehensive Cybersecurity Program • NIST Framework for improving critical infrastructure cybersecurity Ø Identify Ø Protect Ø Detect Ø Respond Ø Recover • http:// www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.p
Identify • Define Essential Clinical Performance • Identify Cybersecurity Signals •
Protect / Detect • Assess and Characterize Vulnerability • Analyze Risk (Threat Modeling) • Analyze Threat Sources • Incorporate Threat Detection Capabilities • ‘Impact Assess’ all Devices •
Protect / Respond / Recover • Assess Compensating Controls Ø Detect / Respond • Mitigate Risk of Essential Clinical Performance •
End Note • The NIST Framework is mentioned here at the very highest level • The purpose of its mention is to simply raise an awareness • A separate slide deck is warranted to delve deeper into what it is and how it can be implemented • Individuals are encouraged to ask questions or provide comments on the FDA guidance on post market management of cybersecurity in medical devices until April 21st of 2016

Recommended

Breakout Session: Cybersecurity in Medical Devices
Breakout Session: Cybersecurity in Medical DevicesBreakout Session: Cybersecurity in Medical Devices
Breakout Session: Cybersecurity in Medical Devices
Healthegy
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical Devices
Sheersha Pramanik 🇮🇳
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical Devices
Suresh Mandava
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity Guidance
Pam Gilmore
 
Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up
ICS
 
Getting Your Medical Device FDA Approved
Getting Your Medical Device FDA ApprovedGetting Your Medical Device FDA Approved
Getting Your Medical Device FDA Approved
mentoresd
 
Medical Devices Regulation (MDR) 2017/745 - Classification of devices
Medical Devices Regulation (MDR) 2017/745 - Classification of devices Medical Devices Regulation (MDR) 2017/745 - Classification of devices
Medical Devices Regulation (MDR) 2017/745 - Classification of devices
Arete-Zoe, LLC
 
Medical device classification following MDR 2017/745
Medical device classification following MDR 2017/745Medical device classification following MDR 2017/745
Medical device classification following MDR 2017/745
Monir EL AZZOUZI
 

Recommended

Breakout Session: Cybersecurity in Medical Devices
Breakout Session: Cybersecurity in Medical DevicesBreakout Session: Cybersecurity in Medical Devices
Breakout Session: Cybersecurity in Medical Devices
Healthegy
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical Devices
Sheersha Pramanik 🇮🇳
 
CyberSecurity Medical Devices
CyberSecurity Medical DevicesCyberSecurity Medical Devices
CyberSecurity Medical Devices
Suresh Mandava
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity Guidance
Pam Gilmore
 
Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up
ICS
 
Getting Your Medical Device FDA Approved
Getting Your Medical Device FDA ApprovedGetting Your Medical Device FDA Approved
Getting Your Medical Device FDA Approved
mentoresd
 
Medical Devices Regulation (MDR) 2017/745 - Classification of devices
Medical Devices Regulation (MDR) 2017/745 - Classification of devices Medical Devices Regulation (MDR) 2017/745 - Classification of devices
Medical Devices Regulation (MDR) 2017/745 - Classification of devices
Arete-Zoe, LLC
 
Medical device classification following MDR 2017/745
Medical device classification following MDR 2017/745Medical device classification following MDR 2017/745
Medical device classification following MDR 2017/745
Monir EL AZZOUZI
 
Tech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareTech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in Healthcare
CompTIA
 
Cybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdfCybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdf
ICS
 
FDA Regulation of Medical Devices
FDA Regulation of Medical DevicesFDA Regulation of Medical Devices
FDA Regulation of Medical Devices
Dr Dev Kambhampati
 
Medical Devices Regulation (MDR) 2017/745 - Annex I
Medical Devices Regulation (MDR) 2017/745 - Annex I Medical Devices Regulation (MDR) 2017/745 - Annex I
Medical Devices Regulation (MDR) 2017/745 - Annex I
Arete-Zoe, LLC
 
Post-Market Clinical Follow Up Studies Under EU MDR and IVDR
Post-Market Clinical Follow Up Studies Under EU MDR and IVDRPost-Market Clinical Follow Up Studies Under EU MDR and IVDR
Post-Market Clinical Follow Up Studies Under EU MDR and IVDR
EMMAIntl
 
The European Medical Device Regulations - analysis of the final text
The European Medical Device Regulations - analysis of the final textThe European Medical Device Regulations - analysis of the final text
The European Medical Device Regulations - analysis of the final text
pi
 
FDA UDI vs EU UDI
FDA UDI vs EU UDIFDA UDI vs EU UDI
FDA UDI vs EU UDI
mitchellrobertss
 
Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Arete-Zoe, LLC
 
The In vitro diagnostic medical devices regulation (EU) 2017/746: what will c...
The In vitro diagnostic medical devices regulation (EU) 2017/746: what will c...The In vitro diagnostic medical devices regulation (EU) 2017/746: what will c...
The In vitro diagnostic medical devices regulation (EU) 2017/746: what will c...
European Center for Disease Prevention and Control (ECDC)
 
Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...
Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...
Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...
Greenlight Guru
 
How to Prepare for the New EU Medical Device Regulations (MDR)
How to Prepare for the New EU Medical Device Regulations (MDR)How to Prepare for the New EU Medical Device Regulations (MDR)
How to Prepare for the New EU Medical Device Regulations (MDR)
Greenlight Guru
 
EU Medical Device Regulatory Framework_Dec, 2022
EU Medical Device Regulatory Framework_Dec, 2022EU Medical Device Regulatory Framework_Dec, 2022
EU Medical Device Regulatory Framework_Dec, 2022
Levi Shapiro
 
EU MDR
EU MDR EU MDR
EU MDR
RohitParkale
 
8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program
8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program
8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program
Greenlight Guru
 
European MDR - Understanding Safety and Performance Requirements
European MDR - Understanding Safety and Performance RequirementsEuropean MDR - Understanding Safety and Performance Requirements
European MDR - Understanding Safety and Performance Requirements
Kirsten Bertelsen
 
Regulation of Medical Devices in US
Regulation of Medical Devices in USRegulation of Medical Devices in US
Regulation of Medical Devices in US
Ankit Geete
 
EU Medical Device Classification MDR 2017/745
EU Medical Device Classification MDR 2017/745EU Medical Device Classification MDR 2017/745
EU Medical Device Classification MDR 2017/745
Monir EL AZZOUZI
 
Regulation of software as medical devices
Regulation of software as medical devicesRegulation of software as medical devices
Regulation of software as medical devices
TGA Australia
 
Regulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in usRegulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in us
Vinod Raj
 
Medical Devices Regulation (MDR) 2017/745 - Part I Purpose, Scope, Definitions
Medical Devices Regulation (MDR) 2017/745 - Part I Purpose, Scope, DefinitionsMedical Devices Regulation (MDR) 2017/745 - Part I Purpose, Scope, Definitions
Medical Devices Regulation (MDR) 2017/745 - Part I Purpose, Scope, Definitions
Arete-Zoe, LLC
 
Collaborative Approaches for Medical Device & Healthcare Cybersecurity
Collaborative Approaches for Medical Device & Healthcare CybersecurityCollaborative Approaches for Medical Device & Healthcare Cybersecurity
Collaborative Approaches for Medical Device & Healthcare Cybersecurity
Dr Dev Kambhampati
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devices
SafisSolutions
 

More Related Content

What's hot

Post-Market Clinical Follow Up Studies Under EU MDR and IVDR
Post-Market Clinical Follow Up Studies Under EU MDR and IVDRPost-Market Clinical Follow Up Studies Under EU MDR and IVDR
Post-Market Clinical Follow Up Studies Under EU MDR and IVDR
EMMAIntl
 
Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...
Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...
Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...
Greenlight Guru
 
How to Prepare for the New EU Medical Device Regulations (MDR)
How to Prepare for the New EU Medical Device Regulations (MDR)How to Prepare for the New EU Medical Device Regulations (MDR)
How to Prepare for the New EU Medical Device Regulations (MDR)
Greenlight Guru
 
EU Medical Device Regulatory Framework_Dec, 2022
EU Medical Device Regulatory Framework_Dec, 2022EU Medical Device Regulatory Framework_Dec, 2022
EU Medical Device Regulatory Framework_Dec, 2022
Levi Shapiro
 
8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program
8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program
8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program
Greenlight Guru
 
Regulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in usRegulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in us
Vinod Raj
 

What's hot (20)

Tech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareTech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in Healthcare
 
Cybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdfCybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdf
 
FDA Regulation of Medical Devices
FDA Regulation of Medical DevicesFDA Regulation of Medical Devices
FDA Regulation of Medical Devices
 
Medical Devices Regulation (MDR) 2017/745 - Annex I
Medical Devices Regulation (MDR) 2017/745 - Annex I Medical Devices Regulation (MDR) 2017/745 - Annex I
Medical Devices Regulation (MDR) 2017/745 - Annex I
 
Post-Market Clinical Follow Up Studies Under EU MDR and IVDR
Post-Market Clinical Follow Up Studies Under EU MDR and IVDRPost-Market Clinical Follow Up Studies Under EU MDR and IVDR
Post-Market Clinical Follow Up Studies Under EU MDR and IVDR
 
The European Medical Device Regulations - analysis of the final text
The European Medical Device Regulations - analysis of the final textThe European Medical Device Regulations - analysis of the final text
The European Medical Device Regulations - analysis of the final text
 
FDA UDI vs EU UDI
FDA UDI vs EU UDIFDA UDI vs EU UDI
FDA UDI vs EU UDI
 
Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...
 
The In vitro diagnostic medical devices regulation (EU) 2017/746: what will c...
The In vitro diagnostic medical devices regulation (EU) 2017/746: what will c...The In vitro diagnostic medical devices regulation (EU) 2017/746: what will c...
The In vitro diagnostic medical devices regulation (EU) 2017/746: what will c...
 
Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...
Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...
Understanding Post-market Surveillance under EU MDR: Being Proactive, not Rea...
 
How to Prepare for the New EU Medical Device Regulations (MDR)
How to Prepare for the New EU Medical Device Regulations (MDR)How to Prepare for the New EU Medical Device Regulations (MDR)
How to Prepare for the New EU Medical Device Regulations (MDR)
 
EU Medical Device Regulatory Framework_Dec, 2022
EU Medical Device Regulatory Framework_Dec, 2022EU Medical Device Regulatory Framework_Dec, 2022
EU Medical Device Regulatory Framework_Dec, 2022
 
EU MDR
EU MDR EU MDR
EU MDR
 
8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program
8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program
8 Steps You Should Be Taking to Implement an EU-MDR Compliance Program
 
European MDR - Understanding Safety and Performance Requirements
European MDR - Understanding Safety and Performance RequirementsEuropean MDR - Understanding Safety and Performance Requirements
European MDR - Understanding Safety and Performance Requirements
 
Regulation of Medical Devices in US
Regulation of Medical Devices in USRegulation of Medical Devices in US
Regulation of Medical Devices in US
 
EU Medical Device Classification MDR 2017/745
EU Medical Device Classification MDR 2017/745EU Medical Device Classification MDR 2017/745
EU Medical Device Classification MDR 2017/745
 
Regulation of software as medical devices
Regulation of software as medical devicesRegulation of software as medical devices
Regulation of software as medical devices
 
Regulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in usRegulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in us
 
Medical Devices Regulation (MDR) 2017/745 - Part I Purpose, Scope, Definitions
Medical Devices Regulation (MDR) 2017/745 - Part I Purpose, Scope, DefinitionsMedical Devices Regulation (MDR) 2017/745 - Part I Purpose, Scope, Definitions
Medical Devices Regulation (MDR) 2017/745 - Part I Purpose, Scope, Definitions
 

Viewers also liked

Corso di Alta Specializzazione in AFFARI REGOLATORI
Corso di Alta Specializzazione in AFFARI REGOLATORICorso di Alta Specializzazione in AFFARI REGOLATORI
Corso di Alta Specializzazione in AFFARI REGOLATORI
Alma Laboris
 
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
Epstein Becker Green
 
2016FRAMEWORK NAZIONALEBALDONIXWEB
2016FRAMEWORK NAZIONALEBALDONIXWEB2016FRAMEWORK NAZIONALEBALDONIXWEB
2016FRAMEWORK NAZIONALEBALDONIXWEB
Roberto Baldoni
 
Presentazione Italian Cybersecurity Report 2016: I controlli essenziali di si...
Presentazione Italian Cybersecurity Report 2016: I controlli essenziali di si...Presentazione Italian Cybersecurity Report 2016: I controlli essenziali di si...
Presentazione Italian Cybersecurity Report 2016: I controlli essenziali di si...
Roberto Baldoni
 

Viewers also liked (10)

Collaborative Approaches for Medical Device & Healthcare Cybersecurity
Collaborative Approaches for Medical Device & Healthcare CybersecurityCollaborative Approaches for Medical Device & Healthcare Cybersecurity
Collaborative Approaches for Medical Device & Healthcare Cybersecurity
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devices
 
Fonti di prova digitali
Fonti di prova digitaliFonti di prova digitali
Fonti di prova digitali
 
Corso di Alta Specializzazione in AFFARI REGOLATORI
Corso di Alta Specializzazione in AFFARI REGOLATORICorso di Alta Specializzazione in AFFARI REGOLATORI
Corso di Alta Specializzazione in AFFARI REGOLATORI
 
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
 
2016FRAMEWORK NAZIONALEBALDONIXWEB
2016FRAMEWORK NAZIONALEBALDONIXWEB2016FRAMEWORK NAZIONALEBALDONIXWEB
2016FRAMEWORK NAZIONALEBALDONIXWEB
 
아이돌인턴왕
아이돌인턴왕아이돌인턴왕
아이돌인턴왕
 
SolarWinds Federal Cybersecurity Survey 2016
SolarWinds Federal Cybersecurity Survey 2016SolarWinds Federal Cybersecurity Survey 2016
SolarWinds Federal Cybersecurity Survey 2016
 
Discorso cybersecurity
Discorso cybersecurityDiscorso cybersecurity
Discorso cybersecurity
 
Presentazione Italian Cybersecurity Report 2016: I controlli essenziali di si...
Presentazione Italian Cybersecurity Report 2016: I controlli essenziali di si...Presentazione Italian Cybersecurity Report 2016: I controlli essenziali di si...
Presentazione Italian Cybersecurity Report 2016: I controlli essenziali di si...
 

Similar to Cybersecurity in medical devices

[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security
OWASP
 
Chapter 16
Chapter 16Chapter 16
Chapter 16
bodo-con
 
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
Perficient, Inc.
 
Design Considerations to Maximize Medical Device Cloud Connectivity
Design Considerations to Maximize Medical Device Cloud ConnectivityDesign Considerations to Maximize Medical Device Cloud Connectivity
Design Considerations to Maximize Medical Device Cloud Connectivity
Greenlight Guru
 
Usability Validation Testing of Medical Devices and Software
Usability Validation Testing of Medical Devices and SoftwareUsability Validation Testing of Medical Devices and Software
Usability Validation Testing of Medical Devices and Software
UXPA Boston
 
Webinar: Medical Device Security: An Industry Under Attack and Unprepared to ...
Webinar: Medical Device Security: An Industry Under Attack and Unprepared to ...Webinar: Medical Device Security: An Industry Under Attack and Unprepared to ...
Webinar: Medical Device Security: An Industry Under Attack and Unprepared to ...
Synopsys Software Integrity Group
 

Similar to Cybersecurity in medical devices (20)

[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security[Wroclaw #6] Medical device security
[Wroclaw #6] Medical device security
 
How to Secure Medical Devices presentation.pptx
How to Secure Medical Devices presentation.pptxHow to Secure Medical Devices presentation.pptx
How to Secure Medical Devices presentation.pptx
 
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
Data Breaches and Security: Ditching Data Disasters-Michael McNeil, Philips H...
 
Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case Study
 
Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.
Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.
Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
 
HXR 2017: Bakul Patel: How the FDA Is Promoting Innovation and Protecting the...
HXR 2017: Bakul Patel: How the FDA Is Promoting Innovation and Protecting the...HXR 2017: Bakul Patel: How the FDA Is Promoting Innovation and Protecting the...
HXR 2017: Bakul Patel: How the FDA Is Promoting Innovation and Protecting the...
 
Best_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfBest_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdf
 
HIT Policy Committee FDASIA Update
HIT Policy Committee FDASIA UpdateHIT Policy Committee FDASIA Update
HIT Policy Committee FDASIA Update
 
Chapter 16
Chapter 16Chapter 16
Chapter 16
 
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
 
Medical Product Development cycle
Medical Product Development cycleMedical Product Development cycle
Medical Product Development cycle
 
How to Secure Your Medical Devices
How to Secure Your Medical DevicesHow to Secure Your Medical Devices
How to Secure Your Medical Devices
 
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceComputer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
 
Adequate directions for use "In the Age of AI and Watson"
Adequate directions for use "In the Age of AI and Watson"Adequate directions for use "In the Age of AI and Watson"
Adequate directions for use "In the Age of AI and Watson"
 
Design Considerations to Maximize Medical Device Cloud Connectivity
Design Considerations to Maximize Medical Device Cloud ConnectivityDesign Considerations to Maximize Medical Device Cloud Connectivity
Design Considerations to Maximize Medical Device Cloud Connectivity
 
Usability Validation Testing of Medical Devices and Software
Usability Validation Testing of Medical Devices and SoftwareUsability Validation Testing of Medical Devices and Software
Usability Validation Testing of Medical Devices and Software
 
Webinar: Medical Device Security: An Industry Under Attack and Unprepared to ...
Webinar: Medical Device Security: An Industry Under Attack and Unprepared to ...Webinar: Medical Device Security: An Industry Under Attack and Unprepared to ...
Webinar: Medical Device Security: An Industry Under Attack and Unprepared to ...
 

Recently uploaded

Vip Call Girls Makarba 👙 6367187148 👙 Genuine WhatsApp Number for Real Meet
Vip Call Girls Makarba 👙 6367187148 👙 Genuine WhatsApp Number for Real MeetVip Call Girls Makarba 👙 6367187148 👙 Genuine WhatsApp Number for Real Meet
Vip Call Girls Makarba 👙 6367187148 👙 Genuine WhatsApp Number for Real Meet
Ahmedabad Call Girls
 
Patna Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Patna Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetPatna Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Patna Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
Premium Call Girls Bangalore {7304373326} ❤️VVIP POOJA Call Girls in Bangalor...
Premium Call Girls Bangalore {7304373326} ❤️VVIP POOJA Call Girls in Bangalor...Premium Call Girls Bangalore {7304373326} ❤️VVIP POOJA Call Girls in Bangalor...
Premium Call Girls Bangalore {7304373326} ❤️VVIP POOJA Call Girls in Bangalor...
Sheetaleventcompany
 
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
Ahmedabad Call Girls
 
jabalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
jabalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetjabalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
jabalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
dehradun Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
dehradun Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetdehradun Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
dehradun Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
Bareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Bareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetBareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Bareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
Ernakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ernakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetErnakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ernakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Chandigarh
 
palanpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
palanpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetpalanpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
palanpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
ktanvi103
 
Mathura Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Mathura Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetMathura Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Mathura Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
neemuch Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
neemuch Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetneemuch Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
neemuch Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
dhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
dhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetdhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
dhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
chandigarhentertainm
 
bhopal Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
bhopal Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetbhopal Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
bhopal Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
bhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
bhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetbhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
bhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
Dehradun Call Girls 8854095900 Call Girl in Dehradun Uttrakhand
Dehradun Call Girls 8854095900 Call Girl in Dehradun UttrakhandDehradun Call Girls 8854095900 Call Girl in Dehradun Uttrakhand
Dehradun Call Girls 8854095900 Call Girl in Dehradun Uttrakhand
indiancallgirl4rent
 

Recently uploaded (20)

Vip Call Girls Makarba 👙 6367187148 👙 Genuine WhatsApp Number for Real Meet
Vip Call Girls Makarba 👙 6367187148 👙 Genuine WhatsApp Number for Real MeetVip Call Girls Makarba 👙 6367187148 👙 Genuine WhatsApp Number for Real Meet
Vip Call Girls Makarba 👙 6367187148 👙 Genuine WhatsApp Number for Real Meet
 
Patna Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Patna Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetPatna Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Patna Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Premium Call Girls Bangalore {7304373326} ❤️VVIP POOJA Call Girls in Bangalor...
Premium Call Girls Bangalore {7304373326} ❤️VVIP POOJA Call Girls in Bangalor...Premium Call Girls Bangalore {7304373326} ❤️VVIP POOJA Call Girls in Bangalor...
Premium Call Girls Bangalore {7304373326} ❤️VVIP POOJA Call Girls in Bangalor...
 
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
 
jabalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
jabalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetjabalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
jabalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
dehradun Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
dehradun Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetdehradun Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
dehradun Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Kochi call girls Mallu escort girls available 7877702510
Kochi call girls Mallu escort girls available 7877702510Kochi call girls Mallu escort girls available 7877702510
Kochi call girls Mallu escort girls available 7877702510
 
Bareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Bareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetBareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Bareilly Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Ernakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ernakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetErnakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Ernakulam Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
palanpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
palanpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetpalanpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
palanpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
Call Now ☎ 9999965857 !! Call Girls in Hauz Khas Escort Service Delhi N.C.R.
 
Jaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
Jaipur Call Girls 9257276172 Call Girl in Jaipur RajasthanJaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
Jaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
 
Mathura Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Mathura Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetMathura Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Mathura Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
neemuch Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
neemuch Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetneemuch Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
neemuch Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
dhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
dhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetdhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
dhanbad Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Krishnagiri call girls Tamil aunty 7877702510
Krishnagiri call girls Tamil aunty 7877702510Krishnagiri call girls Tamil aunty 7877702510
Krishnagiri call girls Tamil aunty 7877702510
 
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
❤️Call girls in Jalandhar ☎️9876848877☎️ Call Girl service in Jalandhar☎️ Jal...
 
bhopal Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
bhopal Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetbhopal Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
bhopal Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
bhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
bhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetbhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
bhubaneswar Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Dehradun Call Girls 8854095900 Call Girl in Dehradun Uttrakhand
Dehradun Call Girls 8854095900 Call Girl in Dehradun UttrakhandDehradun Call Girls 8854095900 Call Girl in Dehradun Uttrakhand
Dehradun Call Girls 8854095900 Call Girl in Dehradun Uttrakhand
 

Cybersecurity in medical devices

  • 1. Cybersecurity in Medical Devices Post Market Management Safis Solutions
  • 2. The Problem • More and more Medical Devices are being designed to be networked with other patient care systems Ø Networked devices include software that may be vulnerable to cybersecurity threats • Safety and Effectiveness Impact • Risk to Public Health Ø
  • 3. The Impact • Compromised Device Functionality • Loss of Data Availability or Integrity Ø Medical Ø Personal • Exposure of other connected devices or networks to security threats Ø All of the above may lead to potential patient illness, injury, or death
  • 4. Scope • Software containing Medical Devices • Software that is a Medical Device Note: Guidance Not Applicable to Experimental or Investigational Devices
  • 5. The Solution - FDA’s Expectation • Holistic Ø Includes the entire Product Lifecycle of the device – from conception to obsolescence • Not just a point-in-time intervention Ø Continual monitoring, including post market Ø E.g. Monitoring vulnerabilities inadvertently introduced during patch releases • Device Manufacturers responsible Ø Proactive, not reactive, posture expected from manufacturers Ø Active, voluntary participation in an ISAO ISAO: Information Sharing Analysis Organizations, per Executive Order # 13691, released 13th Feb 2015
  • 6. FDA’s Guidance • Cybersecurity for Networked Medical Devices containing OTS Software Ø Jan 14, 2005 • Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Ø Oct 2, 2014 • Post Market Management of Cybersecurity in Medical Devices (Draft) Ø Jan 22, 2016 Purchasing Post market monitoring Design
  • 7. Key Themes • Collaboration • ISAO Participation • Shared Responsibility Ø Cognate terms for collaboration and sharing occur 24 times in the document • Proactive approach • Risk based approach • Essential Clinical Performance Ø This term occurs 58 times in the document Ø Idea borrowed from IEC 60601-1, but ‘clinical’ added in this document You approach your cybersecurity program with this… …to preserve this.
  • 8. Collaboration – Key Communities Healthcare Delivery Organizations (HDOs) Clinical User Community Medical Device Community IT Community ISAO
  • 9. Collaboration – product view User IT System Integrator Health IT Developers IT Vendors Manufacturer ISAO
  • 10. Collaboration • Advantages Ø Sharing of established resources • Standards; Guidelines; Best practices; Frameworks Ø Consistent threat assessment & mitigation • Outputs Ø Develop a Cybersecurity Risk Management Culture Ø Establish a Common Understanding • Goal Ø Device safety is preserved Ø Device effectiveness is not compromised
  • 11. Comprehensive Cybersecurity Program • NIST Framework for improving critical infrastructure cybersecurity Ø Identify Ø Protect Ø Detect Ø Respond Ø Recover • http:// www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.p
  • 12. Identify • Define Essential Clinical Performance • Identify Cybersecurity Signals •
  • 13. Protect / Detect • Assess and Characterize Vulnerability • Analyze Risk (Threat Modeling) • Analyze Threat Sources • Incorporate Threat Detection Capabilities • ‘Impact Assess’ all Devices •
  • 14. Protect / Respond / Recover • Assess Compensating Controls Ø Detect / Respond • Mitigate Risk of Essential Clinical Performance •
  • 15. End Note • The NIST Framework is mentioned here at the very highest level • The purpose of its mention is to simply raise an awareness • A separate slide deck is warranted to delve deeper into what it is and how it can be implemented • Individuals are encouraged to ask questions or provide comments on the FDA guidance on post market management of cybersecurity in medical devices until April 21st of 2016

Editor's Notes

  1. 1
  2. 2
  3. 3
  4. 4 Software includes firmware and/orprogrammable logic
  5. 5
  6. 6 Implications are:responsible purchasing, recognizing cybersecurity issues up front; Cybersecurity as a design consideration; and continual ongoing monitoring of patches post market
  7. 7