FRequently Asked Questions

What factors should manufacturers consider in addressing cybersecurity?

About the Author

Ms. Schmitt has also served in additional regulatory affairs and clinical research roles in which she contributed to multiple regulatory submissions and clinical affairs projects across a wide range of indications.

Read More >>

During the design and development of their medical device, manufacturers should consider the following elements in addressing cybersecurity:

Identification of assets, threats, and vulnerabilities
Assessment of the impact of threats and vulnerabilities on device functionality and end users/patients
Assessment of the likelihood of a threat and of a vulnerability being exploited
Determination of risk levels and suitable mitigation strategies
Assessment of residual risk and risk acceptance criteria

Medical devices capable of connecting (wirelessly or hard-wired) to another device, to the Internet or other network, or to portable media (e.g. USB or CD) are more vulnerable to cybersecurity threats than devices that are not connected. Manufacturers should employ a risk-based approach when determining the design features and the level of cybersecurity resilience appropriate for the device. A Cybersecurity Bill of Materials (CBOM) can be a critical element in identifying assets, threats, and liabilities.

‍