Cyber Security Planning for Medical Devices

How you manage cyber security issues for medical device software raises serious concerns at FDA. Software is subject to a number of FDA requirements, such as the Quality System Regulation design control requirements. In adequate cyber security measures can lead to a risk to health that prompts other regulatory requirements, such as Medical Device Reports, Reports of Corrections and Removals and potentially to premarket requirements where the redesign of cyber security software results in a significant change to a device. There is an open question about whether any correction of software should be reported to the FDA. The webinar will integrate these issues so you can understand the need for cyber security and develop a comprehensive plan to manage the real possibility of a fatal hack attack.

Cyber Security issues address software vulnerabilities. Exploiting software vulnerabilities, such as with “hacking,” can lead to devastating results. In terms of medical devices, malicious hacking can lead to serious injury or death. When FDA began to regulate medical devices, software had not evolved to a level of pervasive use, as a stand alone device or as a customized platform for institutional use. Even today, FDA struggles to keep up with the evolution of software, its applications and its inherent risks. There are many instances of how cyber security measures are inadequate for commercial and personal use software. What happens when the software malfunctions or fails to perform is a necessary consideration now. For example, someone in a remote location can cause a life sustaining device to stop working. That ability has been proven. The elements of design, operation and correction of corrupted software require rigorous evaluation. As health care technology and cost management increasingly rely on software, the potential for an increased incidence of adverse events related to hacking will follow.

Areas Covered in the Session :

• FDA Draft Guidance entitled, “Content of Premarket Submissions for Management of Cyber Security in Medical Devices.”
• FDA Safety Alert entitled, “Cyber Security for Medical Devices and Hospital Networks: FDA Safety Communication
• Device regulatory requirements before and after marketing
• Risk to health consequences of Cyber Security failure
• Off-the-Shelf software Cyber Security

Who Should Attend:

• Software specification developers and engineers
• Information technology managers
• Regulatory affairs senior managers
• Risk managers for clinical institutions
• Clinical management teams
• Patient managers for life supporting/life sustaining devices
• Crisis intervention planners
• Customer training managers
• Manufacturers with a history of software recalls
• Devices Manufacturers that use software
• FDA device consultants
• Third party software designers / engineers
• Clinical institutions
• Entire staff of a start up device manufacturing firms

Course Director: CASPER E. ULDRIKS ‎

Casper (Cap) Uldriks brings over 32 years of experience from the FDA. He specialized in the FDA’s medical device program as a field investigator, served as a senior manager in the Office of Compliance and as an Associate Center Director for the Center for Devices and Radiological Health. He developed enforcement actions and participated in the implementation of new statutory requirements. He is recognized as an exceptional and energetic speaker. His comments are candid, straightforward and of practical value. He understands how FDA thinks, operates and where it is headed. Cap is the President of Encore Insight LLC, a consulting and training service for FDA law and operations.