On December 28th, 2010 FDA issued industry guidance for Postmarket Management of Cybersecurity in Medical Devices. FDA requires that medical device manufacturers address all risks, including cybersecurity risk.
Here are a few tips you can take during development reduce the risk of a cybersecurity breach:
1) Incorporate cybersecurity into your risk management procedures, such as hazard analysis and DFMEA.
2) Review all interfaces, internal and external for intentional and unintentional cybersecurity risks (user, hardware, software, etc.)
3) Review all third-party software including operating systems for intentional and unintentional cybersecurity risks
4) Review all procedures for intentional and unintentional cybersecurity risks
5) Document risk control measures in the form of requirements
6) Implement risk control measures within the design
7) Verify all risk control measures during development, prior to launch and periodically
8) Continuously assess risk control measure effectiveness
9) Define sustaining plan to support software upgrades and operating system patches
10) Provide your customers with guidance and recommended cybersecurity controls
11) Define company strategy on how to handle a customer breach – covering reporting, investigation, communication and corrective action
12) Take cybersecurity seriously
Note: The FDA typically will not need to review or approve medical device software changes made solely to decrease the risk of cybersecurity breaches.
Recent cybersecurity concerns:
References:Tips to reduce the risk of a cybersecurity breach
© 2021 BeanStock Ventures