Which leads to fines in the millions of dollars per intrusion

Developments in the area of medical device software –i.e., the software that is put to use in medical devices –have been taking place at such a torrid pace that regulatory agencies such as the FDA have been unable to keep pace with them. Almost invariably, every development in medical device software brings about a new level of complexity.

Also, the classification of the device is another factor the FDA and other regulatory agencies have had to contend with: Different regulations have to be made depending on whether the software in medical devices is to be classified as a device itself, is used to alter the performance of the device, or is used for computing values. The inability of the regulatory agencies to catch up with the speed of developments in the medical device software arena has had the agency scurrying for quick solutions.

Among these are its decision to integrate the current provisions of voluntary standards developed by the National Institute of Standards and Technology (NIST), which it considers as a useful guidance for medical software professionals and voluntary information sharing organizations to meet cybersecurity challenges into its regulatory oversight. The onus of being knowledgeable about FDA regulations thus rests on firms that design and market software.

Learning on all the aspects of medical device cybersecurity

A formal learning session that examines this complex relationship is being organized by Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance. The speaker at this webinar is Casper Uldriks, ex-FDA Expert and former Associate, Center Director of CDRH. Participants who wish to gain clarity on these aspects of medical device cybersecurity can register for this webinar by visiting National Institute of Standards and Technology

The speaker at this webinar will seek to help participants identify the FDA's fundamental premarket and postmarket requirements that involve software. When medical device companies go to the FDA for approval to market their product; they need to be very well informed about everything that the FDA states and requires in this regard, because, as we have examined, the burden of design factors requires well informed considerations about how medical device manufacturers protect their product's software and how they outsmart increasingly sophisticated cyber attackers.

All-round plans

At the same time, device manufacturers also need to be totally compliant with the regulatory options and responsibilities lie with them when a cybersecurity problem is located in their device. Their responsibilities include plans about how to recover and publicly disclose cyberattacks, especially when private medical records are involved. Not getting this right leads to fines that run into millions of dollars for every breach.

So, their cybersecurity efforts should be inclusive of important factors such as these among others:

• Design planning
• Postmarket vigilance
• Training for employees
• An action plan for managing an attack.

Learning on the factors to consider

Casper will help participants identify these basic considerations at this webinar. He will explain the kind of device cybersecurity programs that protect and foster the performance of device based software or standalone software that device manufacturers need to instill in order to assure the safe use of the device. Such programs need to use the FDA's premarket and postmarket information requirements when entering and staying in the market.

This session is of very high value to professionals who deal with some or another form of medical device software and its marketing. This includes those in Regulatory Affairs, Quality Assurance, Software Design Engineers, Manufacturing, the Complaint Department, Hospital Risk Department, and those who market their own labels.

Casper will cover the following areas at this webinar:

• FDA's Cybersecurity Premarket Design Information
• FDA's Postmarket Controls
• Voluntary Controls
• a href="https://www.acs.org.au/content/dam/acs/acs-publications/ACS_Cybersecurity_Guide.pdf">Cybersecurity Training

• Recovery Plans.

Compliance4All is a professional trainings provider for the regulated industries. It offers professional trainings for regulatory compliance professionals and offers innovative strategic consulting and advice to a broad range of organizations.