An op-ed by Robert J. Kerwin
On Tuesday, the International Medical Device Regulators Forum (“IMDRF”) published a final document entitled “Principles and Practices for the Cybersecurity of Legacy Medical Devices".
The IMDRF may be one of the most important forums for medical device regulators you've never have heard of. Its members include medical device regulators from around the world, who have come together on a mission to harmonize regulatory requirements for medical products world-wide. Current IMDRF members include the United States, Canada, European Commission, China, Japan, Australia, Russia, Brazil, Singapore and South Korea. The FDA is active in the IMDRF on behalf of the U.S.
Ad Statistics
Times Displayed: 112448
Times Visited: 6718 MIT labs, experts in Multi-Vendor component level repair of: MRI Coils, RF amplifiers, Gradient Amplifiers Contrast Media Injectors. System repairs, sub-assembly repairs, component level repairs, refurbish/calibrate. info@mitlabsusa.com/+1 (305) 470-8013
In its new guidance, the IMDRF acknowledged that there are many medical devices in use beyond the manufacturers’ intended useful life and that these devices were not designed with the intention of cybersecurity. The document suggests broad best practice and offers context for security spanning the total product life cycle. Among the many recommendations is the recommendation that manufacturers be encouraged in the limited support stage to make arrangements for healthcare providers to receive detailed information on the medical devices impacted by the transition. It will be interesting to learn in the coming months whether there will be adoption of the security principles in the guidance by regulators around the world.
The U.S. Healthcare & Public Health Sector Coordinating Council Guide, released last month and entitled “Health Industry Cybersecurity – Managing Legacy Technology Security,” is
another important publication on the issue of equipment safety, explaining in great detail best practice recommendations in both governance and cyber risk management. The document co-leads include Jessica Wilkerson of the FDA, Ramakrishnan Pillai of LiveNova (formerly with Elekta) and Mike Powers of Intermountain Healthcare.
Furthermore, a discussion of myriad cyber threats confronting the healthcare industry may be found in the
brief but powerful testimony of HSCC Cybersecurity executive director Greg Garcia last month before the U.S. Senate Committee on Homeland Security and Governmental Affairs.
It is clear from Mr. Garcia’s remarks as well as the remarks of the other panelists that cyber threats are rising; the solutions are developing but are not conclusive (especially with the increased use of home and portable devices) and the healthcare industry continues to remain vulnerable. It may be time to delve into the recommendations and educational programs encouraged by these guidances.
About the author: Robert Kerwin is IAMERS general counsel and participated with many other stakeholder representatives in the HSCC Cybersecurity Working Group on Legacy Medical Devices.
