Medical

28 Aug 2023

Cyberattacks on Medical Devices and Their Impact

The Global Connected Industries Cybersecurity Survey from Swedish software company Irdeto is a worldwide survey covering five countries (China, Germany, Japan, the UK and the US) and 232 security decision makers in organizations in the healthcare sector. The key findings are:

  • In 82% of healthcare organizations, IoMT devices have experienced a cyberattack in the past 12 months. Of those organizations, 3.% report experiencing compromised end-user safety!
  • Only 6% of respondents in healthcare (out of 700 respondents) stated that their organization has everything that it needs to tackle cybersecurity.

Regulation & Standards

Regulators are focusing on these cybersecurity challenges and are preparing several guidelines and regulations to tackle them.

The 2018 FDA Cybersecurity guideline draft put forward new categories for devices, Tier-1 and Tier-2, based on their connectivity and the scale of patient and end-user harm. Based on that:

  • 510(k) submissions for Tier-1 devices should include documentation demonstrating that the design and risk assessment activities precisely followed the FDA requirements.
  • Companies are requested to share their Bill of Materials with their customers (to support vulnerability management and incident management processes).

New European regulation has been put in place, with the EU publishing the MDR (Medical Devices Regulation) and the IVDR (In Vitro Diagnostic Medical Devices Regulation). These regulations enforce cybersecurity during the whole life cycle of the product, from the design phase to deployment and operations.

These regulations in the US and the EU shall enforce cybersecurity and privacy in relevant medical devices. Privacy is a horizontal domain covered by its own laws and regulations, to name a few: GDPR in the EU and HIPAA in the USA.

Cyber Security as a Business Enabler

Regulation prevents companies from selling these systems and devices without the right level of security. Companies that comply with these regulations will therefore have a great opportunity to sell their products and to become suppliers to other companies on which these regulations are enforced.

Cyber security will be a very important differentiator for companies seeking to align with national and international cyber security regulations.

Challenges & Solution

Healthcare organizations will need a security solution that protects their infrastructure, through the deployment of an Information Security Management System (ISMS), and their products, through the deployment of a security program that enforces security throughout the whole life cycle of the product. This includes the V-cycle R&D phase, production and manufacturing security, and post-production security operations.

What do we propose?

  • Supporting your organization in submitting for the FDA Review Process for 510(k) Medical Device Submissions
  • Supporting your organization in conforming with the European Union’s (EU) Medical Device Regulation (MDR) – (EU) 2017/745
  • Supporting your organization in conforming with the European Union’s (EU) In-Vitro Diagnostic Regulation (IVDR) – (EU) 2017/746
  • Supporting you in deploying your ISMS for your infrastructure and your security program for your products
  • Implementation security assessment for your products
  • Supporting your organization in designing secure and reliable medical devices
  • Security design reviews for your products
  • Securing production and flashing processes
  • Continuous monitoring and vulnerability management for your products' BOM (Bill of Materials)
  • Product Security Incident Response team for your products, PSIRT as a Service
  • Cybersecurity maintenance for your products
  • Penetration testing and fuzz testing of your products

And much more!
