“It is not just about protecting your data. It is also about protecting safety of a medical device.”
In this Let’s Talk Risk! conversation, Nidhi Gani highlights the important difference between data security and cybersecurity, especially for a life-saving medical device such as a pacemaker. As medical devices become more inter-connected, they are also increasingly vulnerable to cyberattacks. Managing the risk of these vulnerabilities is a key party of cybersecurity risk management of medical devices and healthcare systems they are a part of.
Although the regulatory environment is changing rapidly, Nidhi encourages risk practitioners to apply the same basic principles of medical device safety to cybersecurity. A best practice is to apply the secure product development framework (SPDF) across the entire lifecycle of a medical device.
Listen to this Let’s Talk Risk! conversation with Nidhi Gani, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.
00:01:25 Introduction
00:02:12 Why cybersecurity is important for medical devices
00:04:32 Medical devices today operate in a complex, connected environment
00:05:22 The SPDF approach to medical device development for cybersecurity
00:07:19 Current industry challenges in applying the SPDF approach
00:09:28 Cybersecurity challenges in the post-market phase
00:11:28 Exciting career opportunity for QA/RA professionals
00:15:13 Audience Q&A and open discussion
00:29:24 Closing comments and key takeaways
If you enjoyed this podcast, consider subscribing to the Let’s Talk Risk! newsletter.
Suggested links:
AAMI TR57:2016: Principles for medical device security - Risk management, Revised 2023.
FDA: Cybersecurity webpage, Current as of March 2024.
LTR: Cybersecurity is the next frontier in medical device risk management.
LTR: Security risk assessment and vulnerability monitoring.
About Nidhi Gani
Nidhi Gani is currently a Cybersecurity regulatory affairs consultant at MCRA and an adjunct professor at Northeastern University. She holds a Bachelor’s degree in Biotechnology and Master’s degrees in Microbiology and Regulatory Affairs in Drugs, Biologics, and Medical Devices. She also has a certification in Cybersecurity from Harvard University. She applies her extensive technical and regulatory experience to help develop innovative solutions for medical device clients in this rapidly evolving space.
Let’s Talk Risk! with Dr. Naveen Agarwal is a weekly live audio event on LinkedIn, where we talk about risk management related topics in a casual, informal way. Join us at 11:00 am EST every Friday on LinkedIn.
Disclaimer
Information and insights presented in this podcast are for educational purposes only. Views expressed by all speakers are their own and do not reflect those of their respective organizations.
Share this post