R&D Workshop: Medical Device Cybersecurity - Manufacturer Approaches

Thursday, September 6, 2018
7:30am - Breakfast & Registration
8:00-9:30am - Program

Location: 
NITA Training Center
1685 38th Street Suite 200
Boulder, CO 80301

Summary: There continues to be a lot of discussion and concern regarding the FDA Cyber Security guidelines for Medical Devices among designers and manufacturers of complex medical devices.
Two of the primary FDA guidance documents are: Content of Premarket Submissions for Management of Cybersecurity in Medical Devices and Postmarket Management of Cybersecurity in Medical Devices. The Premarket guidance was issued on October 2, 2014 and the Postmarket guidance was issued on December 28, 2016. Both documents emphasize the need for manufacturers to take a risk-based approach to:

1. The Cybersecurity of the medical devices themselves.
2. The network(s) they may be designed to integrate with.
3. The impact on other devices which they may interface with.
4. The intended use environment the device will operate in.

Cybersecurity is a dynamic topic that continues to evolve as more medical devices are connected to Electronic Medical Record (EMR) systems as part of their product requirements.

The FDA recognizes “AAMI TIR57:2016 Principles For Medical Device Security - Risk Management” as a consensus standard. This risk-based approach is nearly identical to the approach that is used for assessing the safety risks of a medical device that is familiar to designers/manufacturers using the consensus standard “ANSI/AAMI/ISO 14971:2007/(R)2010 Medical Devices - Applications of Risk Management To Medical Devices”.

This presentation will provide an overview of the FDA guidance documents along with a actual use case that leverages TIR57 which will give the audience an idea of the process used to fulfill the objectives of those guidance documents. A Q&A session will follow the presentation.
Key Takeaways:
  • Identify the information that the FDA will be looking for from the medical device manufacturers. 
  • Gain a sense of the FDA-accepted approach for assessing the Cybersecurity of a given medical device. 
  • Understand the relationship of medical device security to patient safety.
  • Establish contact points for further information: documentation/standards, involvement in user groups (ISAOs), mailing lists, and websites. 

Course Fee: $45 per person


About the Instructor Larry Marko
Mr. Marko is a Software Program Manager at Design Solutions. Mr. Marko has more than 30 years of product development experience work on software systems. This experience includes software design and software management for medical, military, commercial, aerospace, and industrial control industries. His areas of expertise are in project management, software management, and embedded software design. Mr. Marko has held positions in software engineering ranging from design engineer, principal engineer, and lead architect up through software manager and software director. Companies that Mr. Marko has worked for prior to joining Design Solutions, Inc. include: BioMedix; Braemar, Inc.; Banner Engineering Corp.; Rosemount, Inc.; and FMC Naval Systems Division. In addition to holding a Bachelor of Science degree in Electrical Engineering (BSEE), Mr. Marko holds a Bachelor of Science degree in Business (BSB) along with a Masters degree in Business Administration (MBA). All three degrees were attained at the University of Min

Program Partner: