FREQUENTLY Asked Questions
What factors should manufacturers consider in addressing cybersecurity?
View All FAQs
About the Author
Proxima CRO Team
Isabella Schmitt, RAC
Director of Regulatory Affairs

Prior to joining Proxima, Isabella served as the Senior Regulatory & Quality Manager at a medical device company, where she outlined the regulatory strategy & put together design controls & design history documentation. She was the Dir. of CMC & Quality at a biopharmaceutical company, where she oversaw all manufacturing and analytical processes and timelines and ensured CMC regulatory strategy was sufficient for filings in Europe and the US.

During the design and development of their medical device, manufacturers should consider the following elements in addressing cybersecurity:

  • Identification of assets, threats, and vulnerabilities
  • Assessment of the impact of threats and vulnerabilities on device functionality and end users/patients
  • Assessment of the likelihood of a threat and of a vulnerability being exploited
  • Determination of risk levels and suitable mitigation strategies
  • Assessment of residual risk and risk acceptance criteria

Medical devices capable of connecting (wirelessly or hard-wired) to another device, to the Internet or other network, or to portable media (e.g. USB or CD) are more vulnerable to cybersecurity threats than devices that are not connected. Manufacturers should employ a risk-based approach when determining the design features and the level of cybersecurity resilience appropriate for the device. A Cybersecurity Bill of Materials (CBOM) can be a critical element in identifying assets, threats, and liabilities.

Related Terms:
No items found.
Related FAQs:
More Questions? We're here to help!
SPEAK WITH A SPECIALIST