Eliminating Misconceptions of Cybersecurity

What the FDA Actually Says About Medical Device Cybersecurity

Medical devices, like other computer systems, can be vulnerable to security breaches- potentially impacting the safety and effectiveness of the device. As medical devices are increasingly connected to the Internet, hospital networks, and to other medical devices, this vulnerability becomes more prevalent. With cybersecurity breaches becoming more and more publicized, the concern around medical device cybersecurity has become more mainstream than ever.

“In the past, government regulators were not very vocal about their concerns around data security in devices. That has changed significantly over the last 18 months.” Mike Kijewski, CEO of MedCrypt explained to Q1 Productions. “Device vendors need to have a well-articulated and executed security strategy to ensure that products in their development pipelines will make it to market without regulatory problems.”

All medical devices carry a certain amount of risk. The FDA allows devices to be marketed when there is a reasonable assurance that the benefits to patients outweigh the risks. So what exactly does that mean? The FDA post-market final guidance was released in December, and since then they have published resources to dispel myths about cybersecurity. Here are five common myths and misconceptions the FDA wants you to know about.

Myth: The FDA is the only federal government agency responsible for the cybersecurity of medical devices.

What the FDA says: “The FDA works closely with several federal government agencies including the U.S. Department of Homeland Security (DHS), members of the private sector, medical device manufacturers, health care delivery organizations, security researchers, and end users to increase the security of the U.S. critical cyber infrastructure.”

Myth: Cybersecurity for medical devices is optional.

What the FDA says: “Medical device manufacturers must comply with federal regulations. Part of those regulations, called quality system regulations (QSRs), requires that medical device manufacturers address all risks, including cybersecurity risk. The pre- and post- market cybersecurity guidances provide recommendations for meeting QSRs.”

Myth: Health care Delivery Organizations (HDOs) can’t update and patch medical devices for cybersecurity.

What the FDA says: “The FDA recognizes that HDOs are responsible for implementing devices on their networks and may need to patch or change devices and/or supporting infrastructure to reduce security risks. Recognizing that changes require risk assessment, the FDA recommends working closely with medical device manufacturers to communicate changes that are necessary.”

Myth: The FDA tests medical devices for cybersecurity.

What the FDA says: “The FDA does not conduct premarket testing for medical products. Testing is the responsibility of the medical product manufacturer.”

Myth: Companies that manufacture off-the-shelf (OTS) software used in medical devices are responsible for validating its secure use in medical devices.

What the FDA says: “The medical device manufacturer chooses to use OTS software, thus bearing responsibility for the security as well as the safe and effective performance of the medical device.”

To discuss other cybersecurity concerns, Q1 Productions is hosting the 2nd Annual Medical Device Cybersecurity Risk Mitigation Conference on July 17-18 in Arlington, Virginia. There will be regulator perspectives (FDA), security organizations (ISAO, NH-ISAC), and industry leaders coming together to provide insights on the evolving space of medical device cybersecurity. It will be a very interactive conference with solo presentations, co-presentations, fireside chats, panels, and open discussions.

At Veranex, we can help you with concept through to commercialization by enabling:
• Accelerated speed to market
• Controlled development costs
• Development risk mitigation
• Market viability assessment

At every stage, we navigate our clients to realize efficiencies in cost and time with our integrated and comprehensive solutions.

Visit Sponsor Website

Since TrainingPros was founded in 1997, we have been dedicated to helping our clients find the right consultant for their projects. 25 years later, we are proud to have helped hundreds of clients complete their projects and thousands of consultants find great assignments. We continue to focus on helping our clients and consultants as well as our community as a certified women-owned, award-winning staffing company that works exclusively with Learning & Development professionals to match consultants to client projects.

Visit Sponsor Website

TELCOR is the proven leader of health care software solutions for revenue cycle management (RCM) software and services designed specifically for laboratories. TELCOR RCM, our SaaS solution, and TELCOR Revenue Cycle Services, our billing service, are designed to streamline workflow, improve collections, and provide real-time analytics. Our software and service solutions are designed for the unique challenges and requirements of laboratory specialties and the clients they serve. With full access to data, labs have complete visibility of their data and can track key performance indicators. No other vendor works as hard ensuring you get paid for the work you do.

Visit Sponsor Website

At Tipping Point Media, we pride ourselves on developing innovative, creative, and technically advanced virtual training and digital marketing solutions for the life sciences industry.

We push the limits of what's possible using Augmented and Virtual Reality to create revolutionary experiences proven to increase audience engagement and retention rates.

Our dedicated team of educators, medical experts, certified programmers, and digital renaissance innovators are committed to creating high-quality custom creations that bring your company's vision to life.

Visit Sponsor Website

VantagePoint Performance trains Salespeople to be more fluent and comfortable across different situations needing different sales approaches, and we train Sales Managers to be better coaches and team leaders, with more focus and less stress.

We’re different from the average sales training company because:

We don’t believe that one approach, one system, or one methodology is absolutely superior. All have something to offer, and the “best approach” or “best system” depends on the sales situation. This is what our applied, academic research tells us.
Our use of data science, specifically Machine Learning, helps us learn about our clients more meaningfully. We provide insights from each client’s data to help them understand what drives the success of their top-performing Salespeople and Sales Managers.
We are constantly feeding what we learn back into our training products, and we invest a bigger slice of our total energy into this innovation than the average sales training company. Our clients can access always-refreshed intellectual property and content through our training subscriptions.

Visit Sponsor Website

Policy Reporter, acquired by TrialCard in 2019, provides innovative healthcare software solutions to track payer policies in near real-time and enhances market access for the therapies patients need most. The company’s patented software-driven solutions include a suite of billing and reimbursement tools for providers and laboratories, market intelligence tools for payers, and a suite of market access solutions for life science companies. Its clients include some of the world’s largest pharmaceutical and healthcare companies.

Visit Sponsor Website