fbpx
1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

How Cyber Security Requirements Can Throw your Medical Device Off Track

How Cyber Security Requirements Can Throw your Medical Device Off Track
Written by Mike Solinap
Published on December 12, 2018

In our last article we talked about the four steps your organization must go through when designing secure connected medical devices. With the increasing attention paid to product security in this era of connected medical devices, many companies are scrambling to keep up with recommended cyber security requirements. Cyber security is an area in which many R&D or Quality departments might lack expertise, or simply need additional resources. Delay in the 510(k) can potentially cost your organization hundreds of thousands or even millions of dollars, in addition to a delayed time to market.

New FDA guidelines released in October 2018 instituted a tiered approach for connected medical devices. The draft guidance created a two-tiered approach to approvals:

  • Tier 1 devices are connected devices, whether they connect to the Internet, a LAN or just another medical device. These devices are susceptible to cybersecurity issues.
  • Tier 2 devices are not connected devices and thus inherently secure.

The FDA is putting new connected devices under increased scrutiny due to the unique threats presented by cybersecurity breaches. Indeed, one of the most common reasons for delay or rejection is a failure to properly document cybersecurity measures.

What’s more, the FDA is looking to make yet another round of changes in response to growing outcry that the system for approving medical devices is inadequate. In short, the FDA has come under fire for approving new devices whose predicates are decades old, without the necessary cybersecurity features to secure them for the 21st Century. A documentary, The Bleeding Edge, popular on Netflix, has focused public ire on what many consider an outdated approvals process.

Documentation is of paramount importance, especially with regard to new cybersecurity guidelines. These guidelines are frequently evolving. Your organization must continually be abreast of the changing approvals landscape as it relates to cybersecurity — and so must any organization you partner with.

Documentation for cybersecurity must include all expected and relevant testing. “I promise” statements are no longer allowed. Risk management and assessment for cybersecurity threats must be documented throughout the entire process. Your documentation must include not just what the device does in painful detail, but also how you address any and all cybersecurity threats, both proven and anticipated.

If you don’t have information technology expertise within your R&D or Quality teams, this might be the time where you consider partnering with third party organizations. This can mean the difference between your device being approved and languishing in the FDA approvals process for months — robbing you of your competitive edge.

Our next article will be about the new MITRE document and how it applies to your organization.

Next Steps

Latest White Papers

10 Success Factors of Future-proof Requirements Management

10 Success Factors of Future-proof Requirements Management

Codebeamer is the most Agile Application Management platform on the market. It’s scalable, integrated and supports collaboration - all while offering powerful features across the entire lifecycle. Staying ahead requires more than just cutting-edge tools—it demands a...

Related Resources

The DevOps Starter Guide

The DevOps Starter Guide

DevOps is not just a buzzword; it's a transformative approach that's reshaping the way businesses build, deliver, and secure software. And it's your key to staying ahead in your industry. If you want to get started with DevOps, optimize your software development and...

Why Move to Atlassian Cloud Now?

Why Move to Atlassian Cloud Now?

Staying agile and adaptable is a non-negotiable for businesses looking to survive and thrive. And, that’s regardless of any business size. Embracing the right technologies and platforms is a key component of this adaptability, and Atlassian Cloud is at the forefront...

Exploring the FDA’s Computer Software Assurance Model

Exploring the FDA’s Computer Software Assurance Model

In September 2022, the FDA ushered in a groundbreaking transformation in the medical device industry by unveiling a new draft guidance on software validation titled "Computer Software Assurance for Production and Quality System Software."  For years, the medical...