Medical Device Software User Guide – Recovery Steps for Ransom Attacks

Medical device software and institutional enterprise systems sit in the crosshairs of hackers’ exploitation malware. The “Wanna Cry” ransom attack program is a recent global example of a cyberattack. Ransomware can shut down an entire software system, such as utility grids, banking systems, the stock exchange and healthcare institutions. Every day, healthcare providers bargain to have access to their own software system. The hackers use the “at risk” patients as leverage. A software based device may carry a malware program that can shut the device down or send a malware program through network system so it becomes an attack by association.

Emergency treatment, life supporting and life sustaining operations fall into a fatal collapse. You have minutes, maybe a few hours, to pay up and restore operations. You may have experienced this “out of the blue” attack using your personal computer or any number of devices. Have your credit card or bitcoins ready.

Similarly, manufacturers of software based devices face the same vulnerabilities to malware exploitation. Premarket submissions now require information about cybersecurity design and performance, but like any attack, whether for an institutional enterprise system or a manufacturers device, the cyber intrusion can bring operations to a halt. What you thought would work when you sold it may not survive a hacker’s targeted ingenuity and determination.

Why You Should Attend :

Device firms and healthcare providers are sitting ducks for a hacker. Devices new to the market may have some cybersecurity design feature, older ones do not. The critical point is what device manufacturer and healthcare institution do when they identify the problem, manage it and learn from it, much like what a CAPA program should do. There are some basic steps that the healthcare industry should include in its cyber recovery program. We will cover them in the webinar. Having a basic check list will sensitize you to the breadth and depth of the actions you must take to mitigate the hack attack damage as you recover from its infection.

Areas Covered in the Session :

• Business Plans: yours vs. the hacker’s
• Prior Risk Mitigation Steps
  • Corp Policy
  • Risk Analysis / Impact Assessment
• Individual recovery plan
  • To pay or not to pay
  • Steps to restore institutional operations
• Reporting
  • FBI
  • FDA
  • Government Contracts
• Public disclosure

Who Should Attend:

A must attend training for manufacturers of Medical Devices, Standalone software, Software based devices, Device Data Systems, Medical Apps, Wi-fi providers and Software engineering. The professionals who will benefit are:

• Device Regulatory Affairs Teams
• Hospital Risk Managers
• Quality Assurance Teams
• Chief Information Officers
• VP Operations / Business Planning
• IT Security Officers
• IT Administrators
• Software Engineers
• Director of Public Relations / Marketing

Course Director: CASPER E. ULDRIKS ‎

Casper (Cap) Uldriks brings over 32 years of experience from the FDA. He specialized in the FDA’s medical device program as a field investigator, served as a senior manager in the Office of Compliance and as an Associate Center Director for the Center for Devices and Radiological Health. He developed enforcement actions and participated in the implementation of new statutory requirements. He is recognized as an exceptional and energetic speaker. His comments are candid, straightforward and of practical value. He understands how FDA thinks, operates and where it is headed. Cap is the President of Encore Insight LLC, a consulting and training service for FDA law and operations.