TT Electronics Blog

Cybersecurity and the U.S. Medical Manufacturers' Role

Posted by Katelyn M. DeVan on Jul 24, 2018 9:00:00 AM

Cybersecurity_Medical_Role

An emerging trend in the U.S. MedTech Industry is the increasing attention to cybersecurity. Through the continuous establishment of regulations, more and more is expected of U.S. medical manufacturers with regard to the security of medical devices, data, and information technology that ultimately affect patient safety. In order to meet these expectations, medical manufacturers turn to the U.S. Food and Drug Administration for guidelines. It is through voluntary measures such as the benefit-risk framework that U.S. medical manufacturers can detect what level of cybersecurity risks are present in the medical devices, thus communicate these to end-users. ANSI UL 2900-2-1, for example, is a recently recognized consensus standard that provides a framework for developers and medical manufacturers to assess cybersecurity risk, thus improving the safety of the devices.

The benefit-risk framework is not only implemented in the premarket review, but at the postmarket consideration level  as well.  In order for medical devices to be managed at the postmarket stage, there must be certain systems in place that align with the NIST Framework for Improving Critical Infrastructure Cybersecurity. In addition to these regulations that guide medical manufacturers, there are also WHISTL facilities created by the MDISS (Medical Device Innovation, Safety & Security Consortium) at an international level that test cybersecurity in medical devices. This organization, along with others like The National Health Information Sharing & Analysis Center (NH-ISAC), have partnered with the FDA in creating the Medical Device Security Information Sharing Initiative to promote the prevention of cybersecurity threats to medical devices. Overall, U.S. medical manufacturers will be tasked with maintaining cybersecurity, especially as guidelines continuously evolve. It is important for medical manufacturers to be aware of their role in assessing the possibility of cybersecurity attacks that arise from the use of their products and what they can do to prevent them. 

Topics: Cybersecurity, medical device manufacturing, FDA, Medical Industry, global electronics manufacturing