How to build up cybersecurity for medical devices

2020-10-12 05:00

Healthcare delivery organizations have started demanding better security from medical device manufacturers, he says, and many have implemented secure procurement processes and contract language for MDMs that address the cybersecurity of the device itself, secure installation, cybersecurity support for the life of the product in the field, liability for breaches caused by a device not following current best practice, ongoing support for events in the field, and so on.

Gates is a principal security architect at Velentium and one of the authors of the recently released Medical Device Cybersecurity for Engineers and Manufacturers, a comprehensive guide to medical device secure lifecycle management, aimed at engineers, managers, and regulatory specialists.

In this interview, he shares his knowledge regarding the cybersecurity mistakes most often made by manufacturers, on who is targeting medical devices, his view on medical device cybersecurity standards and initiatives, and more.

While the US has had the Food and Drug Administration refining its medical device cybersecurity position since 2005, others are more recent entrants into this type of regulation, including Japan, China, Germany, Singapore, South Korea, Australia, Canada, France, Saudi Arabia, and the greater EU. While all of these regulations have the same goal of securing medical devices, how they get there is anything but harmonized among them.

One thing is certain: legacy medical devices that can't be secured will only go away when we can replace them with new medical devices that are secure by design.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/cNctSXTjY6s/

#cybersecurity