1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

How Cyber Security Requirements Can Throw your Medical Device Off Track

How Cyber Security Requirements Can Throw your Medical Device Off Track
Published by Mike Solinap
on December 12, 2018

In our last article we talked about the four steps your organization must go through when designing secure connected medical devices. With the increasing attention paid to product security in this era of connected medical devices, many companies are scrambling to keep up with recommended cyber security requirements. Cyber security is an area in which many R&D or Quality departments might lack expertise, or simply need additional resources. Delay in the 510(k) can potentially cost your organization hundreds of thousands or even millions of dollars, in addition to a delayed time to market.

New FDA guidelines released in October 2018 instituted a tiered approach for connected medical devices. The draft guidance created a two-tiered approach to approvals:

  • Tier 1 devices are connected devices, whether they connect to the Internet, a LAN or just another medical device. These devices are susceptible to cybersecurity issues.
  • Tier 2 devices are not connected devices and thus inherently secure.

The FDA is putting new connected devices under increased scrutiny due to the unique threats presented by cybersecurity breaches. Indeed, one of the most common reasons for delay or rejection is a failure to properly document cybersecurity measures.

What’s more, the FDA is looking to make yet another round of changes in response to growing outcry that the system for approving medical devices is inadequate. In short, the FDA has come under fire for approving new devices whose predicates are decades old, without the necessary cybersecurity features to secure them for the 21st Century. A documentary, The Bleeding Edge, popular on Netflix, has focused public ire on what many consider an outdated approvals process.

Documentation is of paramount importance, especially with regard to new cybersecurity guidelines. These guidelines are frequently evolving. Your organization must continually be abreast of the changing approvals landscape as it relates to cybersecurity — and so must any organization you partner with.

Documentation for cybersecurity must include all expected and relevant testing. “I promise” statements are no longer allowed. Risk management and assessment for cybersecurity threats must be documented throughout the entire process. Your documentation must include not just what the device does in painful detail, but also how you address any and all cybersecurity threats, both proven and anticipated.

If you don’t have information technology expertise within your R&D or Quality teams, this might be the time where you consider partnering with third party organizations. This can mean the difference between your device being approved and languishing in the FDA approvals process for months — robbing you of your competitive edge.

Our next article will be about the new MITRE document and how it applies to your organization.

Next Steps

Latest White Papers

The Ultimate Jira Data Protection

The Ultimate Jira Data Protection

Remote work is here to stay, and companies are turning to cloud-based solutions to support their teams. Atlassian's suite of products is a top choice for businesses worldwide. But, many businesses are still unsure about its built-in data protection capabilities....

Related Resources

Best CloudBees Jenkins Platform Alternatives

Best CloudBees Jenkins Platform Alternatives

Change is on the horizon for organizations relying on the CloudBees Jenkins Platform (CJP). With CJP now designated as a legacy product, a migration to CloudBees CI or an alternative CI solution is imperative. In this blog post, we will cover the ‘need-to-know’ info...

How To Reduce Cybersecurity Risks For Remote Workers

How To Reduce Cybersecurity Risks For Remote Workers

Remote working is an effective way to keep your business running 24/7, mitigate downtime and tap into new markets or expertise. Now, the world is flooded with companies utilizing remote work, digital nomads and gig workers to keep their competitive edge. But, the rise...