Thursday, December 22, 2016

Medical Device Cybersecurity...account for 42% of reported/related data breaches

With an uptick in FDA scrutiny and emerging requirements and expectations, manufacturing is taking a hit, according to the ITRC (Identity Theft Resource Center).

Maybe indirectly, but devices can harm patients: interconnected medical devices allow access to data as well as operations, if not tampering with device programming. Devices connect to hospital networks, patient devices and healthcare workers, so key factors must come into consideration:
Pre-Design: requirements that address security plans, risks and critical cyber-documentation
Design Process: Connectivity characteristics should be analyzed and incorporated from the start with appropriate mitigation decisions along the way. An early start can result in less expensive remediation or retrofitting efforts
Prototyping: Assessment and penetration testing allow correction of errors or security loopholes in the application, the system or its use, enabling vulnerability identification and remediation.
Post-Market Updates: Maintenance upon release is key to delivering security patches via a secure method and to a vulnerability management lifecycle that dedicates resources to addressing threats.
Response Disclosure Policy: The ability and social responsibility to allow reporting of vulnerabilities without legal reprisals, plus clear internal policies/plans that address reporting, correcting and communicating important flaws or defects.

