October is National Cyber Security Awareness Month which is an annual campaign to raise awareness about cybersecurity. Cybersecurity threats and vulnerabilities in the Medical Device world can come from a broad range of attack surfaces. Vulnerabilities in the product software, third-party components, customer installations, user interactions, and the product supply chain are a few examples that come to mind. Securing our nations critical infrastructure including the medical products we rely-on a daily basis should be a top priority in today’s “Internet of Medical Things”.
Qualified Data Systems ask that you participate in National Cyber Security Awareness Month by reviewing your company’s preparedness. A few simple key questions to help you get started include:
- Do we design our software-driven medical products with both security and safety in mind?
- Do we incorporate product security requirements directly into our software development processes?
- What training or education does my company provide in the area of Cybersecurity?
- How can we develop secure code for our products?
- Do we have procedures in place to handle any product security related incidents?
- Have we accessed the risks to patient safety, product quality, or data integrity from potential cybersecurity threats or vulnerabilities?
- How can we effectively monitor our products for cyber events?
- How do we demonstrate compliance to FDA Cybersecurity guidance?
In October, as part of National Cybersecurity Month, QDS will publish a series of weekly themed articles to help Medical Devices manufacturers understand the scope of Cybersecurity and how to establish a program to ensure that all your software-driven medical products are both safe and secure.
Our 2016 Medical Device Cybersecurity Weekly Themes are:
- Week 1: October 3-7, 2016 – Overview of Cyber Security for Medical Device Manufacturers
- Week 2: October 10-14, 2016 – Securing Medical Devices starts in Product Development
- Week 3: October 17-21, 2016 – Effective Cyber Risk Management Activities
- Week 4: October 24-28, 2016 – Assessing Cyber Security Supply Chain Risks
- Week 5: October 31, 2016 – Cyber Security Premarket Submission requirements
Please visit us throughout the month of October as we share tips, resources, and our medical device experience in promoting safety and security for our nation’s critical infrastructure.