Information on Cyber Security to Include in Medical Device Submissions

This training will focus on the new draft guidance document recently released by the FDA on ensuring medical device cybersecurity. Attendees will gain insight into the security activities and documentation that are required to prepare for FDA submissions.

Why Should You Attend:

Addressing the cybersecurity of medical device software can no longer be an afterthought. Manufacturers developing medical devices need to identify security risks, mitigate vulnerabilities, employ patching and update processes, and develop appropriate incident response plans for their medical device products.

The webinar will help designers, software developers, and quality engineers better understand the changing security regulations and increase awareness of the types of vulnerabilities that impact medical devices. The session will promote “security by design” concepts and provide ideas for best-practice security implementations. It will help the attendees understand medical device cybersecurity risks, design of security controls and mitigations and cybersecurity related documentation that the FDA will likely review.

Areas Covered in the Webinar:

• Examples of know cybersecurity vulnerabilities that put patients at risk
• The FDA draft guidance addressing cybersecurity of medical devices, Content of Premarket Submission for Management of Cybersecurity in Medical Devices, and related industry standards
• Responsibilities of Device Manufacturers to ensure Confidentiality, Integrity, and Accessibility Control and examples of what needs to be included in software development and a submission regarding each of these. These concepts fulfill the NIST notion of “Secure by Design.”
• Cybersecurity activities and deliverables that become part of the medical device technical file and FDA submission
• Questions and answers

Who Will Benefit:

• Software engineers who need to understand what the regulatory requirements are for the development of secure medical device software.
• Regulatory affairs professionals who need to understand the cybersecurity related documentation that should be included in technical files and FDA submissions.
• Security professions who are responsible for defining and documenting security functional requirements and providing input to software quality assurance for testing.
• Software quality assurance that needs to design tests to demonstrate and generate evidence that the cybersecurity requirements are met.

Instructor Profile:

Ken Stineman, is the Founder and CTO of Double Helix LLC, located in San Jose, California. Double-Helix provides technical and security advisory services and resources for life-science and personalized medicine companies. Mr. Stineman has focused on providing guidance in health information security and privacy, HIPAA and HITECH compliance, vulnerability assessment, gap analysis, and defense-in-depth to ensure the confidentiality and integrity of patient information.