Medical device cybersecurity should be a global concern
High-speed internet connectivity has enabled new forms of automation in remote monitoring and care, bringing invaluable benefits to patients and creating an environment where all medical devices connect and communicate via a wired or wireless network. Some key examples include diagnostic machines, infusion pumps, smart pens and even implanted devices. Collecting more sensitive information than before, these medical devices often lack the appropriate cybersecurity protocols that protect their data transfer, storage, and accessibility.
Security incidents threaten patients' safety worldwide, causing diagnostic or therapeutic errors, compromising the safe performance of a device, affecting clinical outcomes or denying a patient access to critical care. Convergence of global efforts for medical device cybersecurity is vital and is in progress through the harmonization of medical device regulations in the US and EU. The harmonization will ensure patient safety while encouraging innovation to better protect medical devices for the foreseeable future.
Medical device cybersecurity needs to be at the forefront of device design and considered throughout the product lifecycle. For new medical devices to be accepted, medical device manufacturers (MDMs) need to ensure that devices meet the new premarket cybersecurity requirements. These include embedding security features directly into the product (for example, digital certificates in the silicon), applying risk management strategies, conducting threat modeling and penetration tests, and providing helpful information for users to operate the device safely. MDMs should also consider the intended use environment and foreseeable misuse scenarios for each of the premarket elements.
Other key aspects of premarket cybersecurity requirements include the Software Bill of Materials (SBOM) and ongoing vulnerability management. An SBOM is a formal record containing the details and supply chain relationships of the various components used in building software, enhancing the understanding of the supply chain throughout the product lifecycle. Maintaining SBOMs is critically important for software inventory, license tracking and vulnerability management, bringing transparency to the software components and connections within and across supply chains. With a proper SBOM in place, weak links – both known and newly emerged – can be discovered and addressed.
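The SBOM-driven vulnerability check described above, as an added example that is not part of the original article: it matches each SBOM component against an advisory feed and reports the dependency path from the device firmware to the affected component. The CycloneDX-style JSON layout, the component names and the advisory identifiers are constructed assumptions; the article names no specific SBOM format.

```python
import json
from collections import deque

# Constructed sample SBOM in a CycloneDX-style layout (assumption; not a real device).
SBOM = json.loads("""{
  "metadata": {"component": {"bom-ref": "pump-fw", "name": "infusion-pump-firmware", "version": "2.1.0"}},
  "components": [
    {"bom-ref": "net", "name": "examplenet-stack", "version": "1.4.2"},
    {"bom-ref": "tls", "name": "exampletls", "version": "3.0.1"},
    {"bom-ref": "ui", "name": "exampleui", "version": "0.9.0"}],
  "dependencies": [
    {"ref": "pump-fw", "dependsOn": ["net", "ui"]},
    {"ref": "net", "dependsOn": ["tls"]}]
}""")

# Constructed advisory feed with placeholder identifiers.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "name": "exampletls", "versions": {"3.0.0", "3.0.1"}},
    {"id": "EXAMPLE-ADV-0002", "name": "exampleui", "versions": {"0.8.0"}},
]

def dependency_path(sbom, target_ref):
    """Breadth-first search from the top-level product to target_ref; None if unreachable."""
    root = sbom["metadata"]["component"]["bom-ref"]
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    queue, seen = deque([[root]]), {root}
    while queue:
        path = queue.popleft()
        if path[-1] == target_ref:
            return path
        for nxt in edges.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # listed but not linked: the SBOM's relationship data is incomplete

def affected_components(sbom, advisories):
    """Return one finding per (component, advisory) match, with its supply chain path."""
    findings = []
    for comp in sbom.get("components", []):
        for adv in advisories:
            if comp["name"] == adv["name"] and comp["version"] in adv["versions"]:
                findings.append({"advisory": adv["id"], "component": comp["name"],
                                 "version": comp["version"], "path": dependency_path(sbom, comp["bom-ref"])})
    return findings

if __name__ == "__main__":
    for f in affected_components(SBOM, ADVISORIES):
        print(f["advisory"], f["component"], f["version"], " -> ".join(f["path"] or ["(unlinked)"]))
```

Re-running the same match whenever the advisory feed changes is what surfaces newly emerged weak links in devices that have already shipped.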
April 13, 2023 10:30
I couldn't agree more with your assessment and strategy. Having been in the MDI space for over 20 years, I dare say that when it seems logical to include this technology in the R and D cycle, it is quickly demoted or sidelined for fiscal reasons. Risk assessments have yet to take into account the real-world damage that could occur. They just don't know enough to evaluate it.
The good news is that from an innovation space, it has become a topline issue. It's just going to take a while for it to catch up to current design space processes. Keep talking, someone will pay attention.