Uploaded bySafisSolutions
ODP, PPTX1,108 views

Cybersecurity in medical devices

The document discusses the challenges of cybersecurity in networked medical devices, highlighting the potential risks to patient safety and public health due to vulnerabilities. It emphasizes the FDA's expectations for a holistic, proactive approach to post-market management, involving collaboration among various stakeholders in the healthcare sector. Key themes include continuous monitoring, risk assessment, and shared responsibility to ensure device safety and effectiveness.

Embed presentation

Download as ODP, PPTX
Cybersecurity in Medical Devices Post Market Management Safis Solutions
The Problem • More and more Medical Devices are being designed to be networked with other patient care systems Ø Networked devices include software that may be vulnerable to cybersecurity threats • Safety and Effectiveness Impact • Risk to Public Health Ø
The Impact • Compromised Device Functionality • Loss of Data Availability or Integrity Ø Medical Ø Personal • Exposure of other connected devices or networks to security threats Ø All of the above may lead to potential patient illness, injury, or death
Scope • Software containing Medical Devices • Software that is a Medical Device Note: Guidance Not Applicable to Experimental or Investigational Devices
The Solution - FDA’s Expectation • Holistic Ø Includes the entire Product Lifecycle of the device – from conception to obsolescence • Not just a point-in-time intervention Ø Continual monitoring, including post market Ø E.g. Monitoring vulnerabilities inadvertently introduced during patch releases • Device Manufacturers responsible Ø Proactive, not reactive, posture expected from manufacturers Ø Active, voluntary participation in an ISAO ISAO: Information Sharing Analysis Organizations, per Executive Order # 13691, released 13th Feb 2015
FDA’s Guidance • Cybersecurity for Networked Medical Devices containing OTS Software Ø Jan 14, 2005 • Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Ø Oct 2, 2014 • Post Market Management of Cybersecurity in Medical Devices (Draft) Ø Jan 22, 2016 Purchasing Post market monitoring Design
Key Themes • Collaboration • ISAO Participation • Shared Responsibility Ø Cognate terms for collaboration and sharing occur 24 times in the document • Proactive approach • Risk based approach • Essential Clinical Performance Ø This term occurs 58 times in the document Ø Idea borrowed from IEC 60601-1, but ‘clinical’ added in this document You approach your cybersecurity program with this… …to preserve this.
Collaboration – Key Communities Healthcare Delivery Organizations (HDOs) Clinical User Community Medical Device Community IT Community ISAO
Collaboration – product view User IT System Integrator Health IT Developers IT Vendors Manufacturer ISAO
Collaboration • Advantages Ø Sharing of established resources • Standards; Guidelines; Best practices; Frameworks Ø Consistent threat assessment & mitigation • Outputs Ø Develop a Cybersecurity Risk Management Culture Ø Establish a Common Understanding • Goal Ø Device safety is preserved Ø Device effectiveness is not compromised
Comprehensive Cybersecurity Program • NIST Framework for improving critical infrastructure cybersecurity Ø Identify Ø Protect Ø Detect Ø Respond Ø Recover • http:// www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.p
Identify • Define Essential Clinical Performance • Identify Cybersecurity Signals •
Protect / Detect • Assess and Characterize Vulnerability • Analyze Risk (Threat Modeling) • Analyze Threat Sources • Incorporate Threat Detection Capabilities • ‘Impact Assess’ all Devices •
Protect / Respond / Recover • Assess Compensating Controls Ø Detect / Respond • Mitigate Risk of Essential Clinical Performance •
End Note • The NIST Framework is mentioned here at the very highest level • The purpose of its mention is to simply raise an awareness • A separate slide deck is warranted to delve deeper into what it is and how it can be implemented • Individuals are encouraged to ask questions or provide comments on the FDA guidance on post market management of cybersecurity in medical devices until April 21st of 2016

More Related Content

PDF
Risk Management for Medical Devices - ISO 14971 Overview
byGreenlight Guru
 
PPTX
THE FDA and Medical Device Cybersecurity Guidance
byPam Gilmore
 
PPTX
Breakout Session: Cybersecurity in Medical Devices
byHealthegy
 
PDF
Secure Your Medical Devices From the Ground Up
byICS
 
PDF
Understanding IEC 62304
byMethodSense, Inc.
 
PPTX
CyberSecurity Medical Devices
bySuresh Mandava
 
PDF
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...
byGreenlight Guru
 
PPTX
Cybersecurity in Medical Devices
bySheersha Pramanik 🇮🇳
 
Risk Management for Medical Devices - ISO 14971 Overview
byGreenlight Guru
 
THE FDA and Medical Device Cybersecurity Guidance
byPam Gilmore
 
Breakout Session: Cybersecurity in Medical Devices
byHealthegy
 
Secure Your Medical Devices From the Ground Up
byICS
 
Understanding IEC 62304
byMethodSense, Inc.
 
CyberSecurity Medical Devices
bySuresh Mandava
 
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...
byGreenlight Guru
 
Cybersecurity in Medical Devices
bySheersha Pramanik 🇮🇳
 

What's hot

PPTX
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment
byArete-Zoe, LLC
 
PPTX
Medical Devices Regulation (MDR) 2017/745 - Part II Placing devices on EU ma...
byArete-Zoe, LLC
 
PPTX
Iso 13485:2016
bySuhas R
 
PPTX
Qms ISO 13485 2016 short overview
byRohitParkale
 
PDF
FDA Regulations and Medical Device Pathways to Market
byMethodSense, Inc.
 
PPTX
CE marking.pptx
byAartiVats5
 
PPTX
ISO 13485: Quality Management System for Medical Device
byMananShah147368
 
PDF
IEC 62304 Action List
byMethodSense, Inc.
 
PDF
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
byGreenlight Guru
 
PDF
EU MDR Preparation: Seize the Market Opportunity and Avoid the Bottleneck
byApril Bright
 
PDF
FDA Focus on Design Controls
byApril Bright
 
PDF
IEC 62304: SDLC Conformance and Management
byMethodSense, Inc.
 
PPTX
Medical Device Regulation (MDR) overview for Technion, May 25, 2021
byLevi Shapiro
 
PPTX
EU MDR
byRohitParkale
 
PDF
FDA’s approach to regulation of in vitro diagnostic tests
byMaRS Discovery District
 
PPTX
ISO-13485-2016.pptx
byPradeepa J
 
PDF
MDD 93/42/EEC
byPavan Kumar Malwade
 
PPTX
Medical device design guidlines
bySuhas R
 
PDF
Considerations to Extractables and Leachables Testing
bySGS
 
PDF
Implementing a Global Unique Device Identification (UDI) Solution: Regional U...
byGreenlight Guru
 
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment
byArete-Zoe, LLC
 
Medical Devices Regulation (MDR) 2017/745 - Part II Placing devices on EU ma...
byArete-Zoe, LLC
 
Iso 13485:2016
bySuhas R
 
Qms ISO 13485 2016 short overview
byRohitParkale
 
FDA Regulations and Medical Device Pathways to Market
byMethodSense, Inc.
 
CE marking.pptx
byAartiVats5
 
ISO 13485: Quality Management System for Medical Device
byMananShah147368
 
IEC 62304 Action List
byMethodSense, Inc.
 
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
byGreenlight Guru
 
EU MDR Preparation: Seize the Market Opportunity and Avoid the Bottleneck
byApril Bright
 
FDA Focus on Design Controls
byApril Bright
 
IEC 62304: SDLC Conformance and Management
byMethodSense, Inc.
 
Medical Device Regulation (MDR) overview for Technion, May 25, 2021
byLevi Shapiro
 
EU MDR
byRohitParkale
 
FDA’s approach to regulation of in vitro diagnostic tests
byMaRS Discovery District
 
ISO-13485-2016.pptx
byPradeepa J
 
MDD 93/42/EEC
byPavan Kumar Malwade
 
Medical device design guidlines
bySuhas R
 
Considerations to Extractables and Leachables Testing
bySGS
 
Implementing a Global Unique Device Identification (UDI) Solution: Regional U...
byGreenlight Guru
 

Viewers also liked

PDF
Collaborative Approaches for Medical Device & Healthcare Cybersecurity
byDr Dev Kambhampati
 
ODP
Cybersecurity in medical devices
bySafisSolutions
 
PDF
Fonti di prova digitali
byGennaro Esposito
 
PDF
Corso di Alta Specializzazione in AFFARI REGOLATORI
byAlma Laboris
 
PDF
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
byEpstein Becker Green
 
PDF
2016FRAMEWORK NAZIONALEBALDONIXWEB
byRoberto Baldoni
 
PPTX
아이돌인턴왕
byChance Koh
 
PPTX
SolarWinds Federal Cybersecurity Survey 2016
bySolarWinds
 
PPTX
Discorso cybersecurity
byGiulioTerzi
 
PDF
Presentazione Italian Cybersecurity Report 2016: I controlli essenziali di si...
byRoberto Baldoni
 
Collaborative Approaches for Medical Device & Healthcare Cybersecurity
byDr Dev Kambhampati
 
Cybersecurity in medical devices
bySafisSolutions
 
Fonti di prova digitali
byGennaro Esposito
 
Corso di Alta Specializzazione in AFFARI REGOLATORI
byAlma Laboris
 
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
byEpstein Becker Green
 
2016FRAMEWORK NAZIONALEBALDONIXWEB
byRoberto Baldoni
 
아이돌인턴왕
byChance Koh
 
SolarWinds Federal Cybersecurity Survey 2016
bySolarWinds
 
Discorso cybersecurity
byGiulioTerzi
 
Presentazione Italian Cybersecurity Report 2016: I controlli essenziali di si...
byRoberto Baldoni
 

Similar to Cybersecurity in medical devices

PPTX
schwartz_cdrh_medicaldevicecybersecurityucsf_w.pptx
bygrajchittapur
 
PPTX
Understanding Risk Management & Cyber security Principles in Medical Devices
byKeerthi Gunasekaran
 
PPTX
Secure Software Development Best Practices
byJoe Orlando
 
PPTX
How Medical Devices Risk Patient Safety and Security
byGreat Bay Software
 
PDF
Clinical Risk Management
byMedigate
 
PDF
Medical device security presentation - Frank Siepmann
byFrank Siepmann
 
PDF
Medical Device Cybersecurity : A Regulatory Perspective
byJon Lendrum
 
PDF
8 Mandatory Security Control Categories for Successful Submissions
byICS
 
DOCX
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
byEMMAIntl
 
PDF
313 – Security Challenges in Healthcare IoT - ME
byEQS Group
 
PDF
The FDA and BYOD, Mobile and Fixed Medical Device Cybersecurity
byValdez Ladd MBA, CISSP, CISA,
 
PDF
The fda and byod mobile and fixed medical device cybersecurity[1]
byPam Gilmore
 
PDF
Medical Security [EN] .pdf
bySnarky Security
 
PDF
Medical Device Cybersecurity Threat & Risk Scoring
byICS
 
PDF
Medical Device Cybersecurity Threat & Risk Scoring
byICS
 
PDF
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
byICS
 
PDF
Safeguard Your Medical Devices from Cyber Threats
byICS
 
PDF
Practical Advice for FDA’s 510(k) Requirements.pdf
byICS
 
PDF
Threat Modeling and Risk Assessment Webinar.pdf
byICS
 
PDF
Cyber Alert FDA Issues New Cybersecurity Guidelines for Medical Device Manufa...
byRyan Starkes
 
schwartz_cdrh_medicaldevicecybersecurityucsf_w.pptx
bygrajchittapur
 
Understanding Risk Management & Cyber security Principles in Medical Devices
byKeerthi Gunasekaran
 
Secure Software Development Best Practices
byJoe Orlando
 
How Medical Devices Risk Patient Safety and Security
byGreat Bay Software
 
Clinical Risk Management
byMedigate
 
Medical device security presentation - Frank Siepmann
byFrank Siepmann
 
Medical Device Cybersecurity : A Regulatory Perspective
byJon Lendrum
 
8 Mandatory Security Control Categories for Successful Submissions
byICS
 
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
byEMMAIntl
 
313 – Security Challenges in Healthcare IoT - ME
byEQS Group
 
The FDA and BYOD, Mobile and Fixed Medical Device Cybersecurity
byValdez Ladd MBA, CISSP, CISA,
 
The fda and byod mobile and fixed medical device cybersecurity[1]
byPam Gilmore
 
Medical Security [EN] .pdf
bySnarky Security
 
Medical Device Cybersecurity Threat & Risk Scoring
byICS
 
Medical Device Cybersecurity Threat & Risk Scoring
byICS
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
byICS
 
Safeguard Your Medical Devices from Cyber Threats
byICS
 
Practical Advice for FDA’s 510(k) Requirements.pdf
byICS
 
Threat Modeling and Risk Assessment Webinar.pdf
byICS
 
Cyber Alert FDA Issues New Cybersecurity Guidelines for Medical Device Manufa...
byRyan Starkes
 

Recently uploaded

PPTX
DIABETIC RETINOPATHY DIABETIC RETINOPATHY
byMeghna Verma
 
PPTX
Physiology of Micturition, Unit 9 Renal System
byKeertis1
 
PDF
Beyond Clinical Validation Medtech Commercialization Gaps.pdf
byStellarix
 
PPTX
Is Surgery Right for You? Identifying Candidates for Orthognathic Procedures.
byMiami Orthodontist Group
 
PPTX
Non-Fluoridated Remineralizing Agents1.pptx
bysukanyagattu5
 
PPTX
Pulmonary TB by Rakhi Rana.pptx for medical and nursing students
bypavitra8057
 
PDF
Learning About Hormones Before Menopause
byHummingbird Healthcare
 
PPTX
PPT presentation on Gairikadya malaahara
byShreeyashSalunke1
 
PPTX
Hospital-Administrative-Statistics- advanced II
byEphy .
 
PPTX
Unit-5 Introduction To Rational Drug Use
byDr Aman Suresh Tharayil
 
PPTX
Dhatu_dhatu_mala_Presentation_BAMS_1st_proff.pptx
bysoniakarali114
 
PPTX
NVHCP National Viral Hepatitis Control Programme.pptx
bySumitSharma926845
 
PDF
Fitness and Strength. Easy yet effective steps to a healthier and happier life.
byDr. Mahnoor
 
PPTX
Vesico-vaginal fistula & Recto-vaginal fistula
byKeertis1
 
PPTX
50 Hrs - Yoga & Dialectical Behaviour Therapy (YDBT) Teacher Training Certifi...
byKaruna Yoga Vidya Peetham
 
PDF
Top 10 AI Healthcare Agents to Build in 2026 | Future Healthcare AI
byGradious AI
 
PPTX
Common Dental Treatments Kids Need at Every Age (0–12 Years).
bySweet Tooth Pediatric Dentistry
 
PPT
Mind Sound Resonance Technique (MSRT) Ma.ppt
byKaruna Yoga Vidya Peetham
 
PDF
Understanding Hair Loss: Causes, Solutions, and Healthy Hair Strategies
byaddictivemedia143
 
PDF
“Process and Importance of Hospital Planning”
bySutirthaMandal
 
DIABETIC RETINOPATHY DIABETIC RETINOPATHY
byMeghna Verma
 
Physiology of Micturition, Unit 9 Renal System
byKeertis1
 
Beyond Clinical Validation Medtech Commercialization Gaps.pdf
byStellarix
 
Is Surgery Right for You? Identifying Candidates for Orthognathic Procedures.
byMiami Orthodontist Group
 
Non-Fluoridated Remineralizing Agents1.pptx
bysukanyagattu5
 
Pulmonary TB by Rakhi Rana.pptx for medical and nursing students
bypavitra8057
 
Learning About Hormones Before Menopause
byHummingbird Healthcare
 
PPT presentation on Gairikadya malaahara
byShreeyashSalunke1
 
Hospital-Administrative-Statistics- advanced II
byEphy .
 
Unit-5 Introduction To Rational Drug Use
byDr Aman Suresh Tharayil
 
Dhatu_dhatu_mala_Presentation_BAMS_1st_proff.pptx
bysoniakarali114
 
NVHCP National Viral Hepatitis Control Programme.pptx
bySumitSharma926845
 
Fitness and Strength. Easy yet effective steps to a healthier and happier life.
byDr. Mahnoor
 
Vesico-vaginal fistula & Recto-vaginal fistula
byKeertis1
 
50 Hrs - Yoga & Dialectical Behaviour Therapy (YDBT) Teacher Training Certifi...
byKaruna Yoga Vidya Peetham
 
Top 10 AI Healthcare Agents to Build in 2026 | Future Healthcare AI
byGradious AI
 
Common Dental Treatments Kids Need at Every Age (0–12 Years).
bySweet Tooth Pediatric Dentistry
 
Mind Sound Resonance Technique (MSRT) Ma.ppt
byKaruna Yoga Vidya Peetham
 
Understanding Hair Loss: Causes, Solutions, and Healthy Hair Strategies
byaddictivemedia143
 
“Process and Importance of Hospital Planning”
bySutirthaMandal
 

Cybersecurity in medical devices

  • 1.
    Cybersecurity in Medical Devices PostMarket Management Safis Solutions
  • 2.
    The Problem • Moreand more Medical Devices are being designed to be networked with other patient care systems Ø Networked devices include software that may be vulnerable to cybersecurity threats • Safety and Effectiveness Impact • Risk to Public Health Ø
  • 3.
    The Impact • CompromisedDevice Functionality • Loss of Data Availability or Integrity Ø Medical Ø Personal • Exposure of other connected devices or networks to security threats Ø All of the above may lead to potential patient illness, injury, or death
  • 4.
    Scope • Software containingMedical Devices • Software that is a Medical Device Note: Guidance Not Applicable to Experimental or Investigational Devices
  • 5.
    The Solution -FDA’s Expectation • Holistic Ø Includes the entire Product Lifecycle of the device – from conception to obsolescence • Not just a point-in-time intervention Ø Continual monitoring, including post market Ø E.g. Monitoring vulnerabilities inadvertently introduced during patch releases • Device Manufacturers responsible Ø Proactive, not reactive, posture expected from manufacturers Ø Active, voluntary participation in an ISAO ISAO: Information Sharing Analysis Organizations, per Executive Order # 13691, released 13th Feb 2015
  • 6.
    FDA’s Guidance • Cybersecurityfor Networked Medical Devices containing OTS Software Ø Jan 14, 2005 • Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Ø Oct 2, 2014 • Post Market Management of Cybersecurity in Medical Devices (Draft) Ø Jan 22, 2016 Purchasing Post market monitoring Design
  • 7.
    Key Themes • Collaboration •ISAO Participation • Shared Responsibility Ø Cognate terms for collaboration and sharing occur 24 times in the document • Proactive approach • Risk based approach • Essential Clinical Performance Ø This term occurs 58 times in the document Ø Idea borrowed from IEC 60601-1, but ‘clinical’ added in this document You approach your cybersecurity program with this… …to preserve this.
  • 8.
    Collaboration – Key Communities Healthcare Delivery Organizations (HDOs) ClinicalUser Community Medical Device Community IT Community ISAO
  • 9.
    Collaboration – productview User IT System Integrator Health IT Developers IT Vendors Manufacturer ISAO
  • 10.
    Collaboration • Advantages Ø Sharingof established resources • Standards; Guidelines; Best practices; Frameworks Ø Consistent threat assessment & mitigation • Outputs Ø Develop a Cybersecurity Risk Management Culture Ø Establish a Common Understanding • Goal Ø Device safety is preserved Ø Device effectiveness is not compromised
  • 11.
    Comprehensive Cybersecurity Program • NISTFramework for improving critical infrastructure cybersecurity Ø Identify Ø Protect Ø Detect Ø Respond Ø Recover • http:// www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.p
  • 12.
    Identify • Define EssentialClinical Performance • Identify Cybersecurity Signals •
  • 13.
    Protect / Detect •Assess and Characterize Vulnerability • Analyze Risk (Threat Modeling) • Analyze Threat Sources • Incorporate Threat Detection Capabilities • ‘Impact Assess’ all Devices •
  • 14.
    Protect / Respond/ Recover • Assess Compensating Controls Ø Detect / Respond • Mitigate Risk of Essential Clinical Performance •
  • 15.
    End Note • TheNIST Framework is mentioned here at the very highest level • The purpose of its mention is to simply raise an awareness • A separate slide deck is warranted to delve deeper into what it is and how it can be implemented • Individuals are encouraged to ask questions or provide comments on the FDA guidance on post market management of cybersecurity in medical devices until April 21st of 2016

Editor's Notes

  • #2 1
  • #3 2
  • #4 3
  • #5 4 Software includes firmware and/orprogrammable logic
  • #6 5
  • #7 6 Implications are:responsible purchasing, recognizing cybersecurity issues up front; Cybersecurity as a design consideration; and continual ongoing monitoring of patches post market
  • #8 7