Summary
“Medical devices are now increasingly connected in a hospital network. Or even if they are not, they are vulnerable to cyber attacks”.
In this episode of the Let's Talk Risk Podcast, Eric Henry highlights the growing concern about security and cybersecurity of medical devices. As technology evolves and medical devices increasingly operate in an interoperable environment, security vulnerabilities, when exploited, pose a serious risk to patient safety.
In this 30-minute discussion, we cover a wide range of issues, from differences in risk management approaches to the evolving regulatory landscape and expectations for cybersecurity. We also discuss how QA/RA professionals can position themselves to remain competitive in this rapidly changing environment.
Listen to the full podcast or jump to a section of interest listed below.
Chapters
00:00 Introducing Eric Henry
01:33 The Growing Importance of Data Security
06:35 Linking Safety and Security Risk Management
09:11 Current Practices in Security Risk Management
11:35 Differences in Terminology Between Security and Safety Risk Management
14:12 Regulatory Evolution and FDA's Approach
18:40 Post-Market Surveillance and Vulnerability Monitoring
21:10 Understanding Threat Modeling
25:16 Career Reflections and Lessons Learned
28:53 Advice for Quality and Regulatory Professionals
31:38 Closing Comments
Suggested links:
LTR: Medical device cybersecurity now more critical than ever.
LTR: AMA#1: Security risk assessment and vulnerability monitoring.
FDA: Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions, Final Guidance, Issued September 2023.
Key Takeaways
Cybersecurity is a growing concern for medical devices.
The FDA has increased its focus on cybersecurity regulations.
Ransomware attacks pose significant risks to patient safety.
Data privacy is now considered part of risk management.
Threat modeling is essential for identifying vulnerabilities.
Post-market surveillance is critical for ongoing device safety.
There is a need for a common language between safety and security.
Regulatory authorities are evolving their guidance on cybersecurity.
Quality and regulatory professionals must enhance their technical skills.
Understanding the business context is vital for career advancement.
Keywords
Cybersecurity, medical devices, risk management, FDA, data security, threat modeling, healthcare, regulatory compliance, patient safety, vulnerability assessment, ISO 14971, TIR 57.
About Eric Henry
Eric Henry is currently the Senior Quality & Regulatory Compliance Advisor in the FDA & Life Sciences Practice at King & Spalding. In his current role, he provides advisory and management consulting services focused on regulatory compliance, enforcement and policy matters. Throughout his highly distinguished career spanning 35 years at leading MedTech companies, Eric has consistently led both the establishment of, and execution against, strategic and functional goals. He is recognized as a thought leader in the MedTech QA/RA space through his publications in leading journals and presentations at industry conferences.
Disclaimer
Information and insights presented in this podcast are for educational purposes only. Views expressed by all speakers are their own and do not reflect those of their respective organizations.