Friday 30 September 2022
By Mitch on Friday 30 September 2022, 14:01 - Regulations
That’s the story of the pig and the hen for breakfast: the pig is involved (ham) and the hen is concerned (eggs). With the NIS2 directive in preparation, a medical device manufacturer will be in either situation.
Friday 10 June 2022
By Mitch on Friday 10 June 2022, 13:47 - Regulations
The FDA issued in April a new draft guidance on Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions. This guidance will supersede the guidance on Content of Premarket Submissions for Management of Cybersecurity in Medical Devices of 2014, when it is finalized. There’s no word about the draft guidance of 2018. We can suppose that one is obsolete.
Thursday 13 January 2022
By Mitch on Thursday 13 January 2022, 13:54 - Standards
IEC 81001-5-1 was published in December 2021. We already talked about the draft version here. Combined with IEC/TR 60601-4-5, published in February 2021, these two standards constitute the state of the art in cybersecurity of medical devices in Europe.
The final version is very close to the draft version, apart from a few changes to the organizational requirements; formerly clause 10 present in the draft, but removed and copied to clause 4 in the final version.
Be prepared to apply these two standards for your MDR CE Mark submissions, when they are harmonized. Most probably by 2024.
Friday 9 July 2021
By Mitch on Friday 9 July 2021, 13:37 - Standards
The draft list of harmonized standards for the MDR regulation was published in May 2021. In this document, we find the references to the following cybersecurity standards:
- IEC 80001-1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software - Part 1: Application of risk management,
- IEC 81001-5-1 (not published): Health Software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product lifecycle,
- IEC/TR 60601-4-5: Medical electrical equipment - Part 4-5: Guidance and interpretation - Safety-related technical security specifications.
Sunday 3 May 2020
By Mitch on Sunday 3 May 2020, 14:20 - Regulations
So we have a new guidance on cybersecurity for medical devices: the MDCG 2019-16. This is not the one we expected so quickly, but we're not going to complain about the existence of this guidance! It was published in December 2019. At last I found time to write a review.
This guidance covers a broad range of topics applicable to all stakeholders in the medical device supply chains, and to end-users. It explains a bit why it is 46 pages long.
Friday 16 August 2019
By Mitch on Friday 16 August 2019, 13:44 - Standards
We continue this series of articles on cybersecurity with a free and non-exhaustive review of UL 2900-1 standard.
What is UL 2900-1? This standard was published in 2017 by Underwriters Laboratory (UL). It contains technical requirements on cybersecurity for network connectable products. A collateral UL 2900-2-1 focuses on connectable healthcare and wellness systems. UL 2900-1 and UL 2900-2-1 are FDA recognized standards. Thus, applicable to medical devices.
Thursday 24 January 2019
By Mitch on Thursday 24 January 2019, 12:50 - Regulations
Monday 15 October 2018
By Mitch on Monday 15 October 2018, 14:58 - Templates
Hi there! Long time no see once again. I dig up our series of posts on cybersecurity.
In this post I publish two new templates for cybersecurity risk management.
Monday 3 July 2017
By Mitch on Monday 3 July 2017, 14:06 - Regulations
We continue this series of posts on cybersecurity with some comments on impacts of cybersecurity on the software development documentation.
Tuesday 16 May 2017
By Mitch on Tuesday 16 May 2017, 21:53 - Standards
After a long pause, we continue this series about cybersecurity in medical devices with a discussion on AAMI TIR57:2016 Principles for medical device security — Risk management.
Friday 10 February 2017
By Mitch on Friday 10 February 2017, 14:20 - Regulations
By Mitch on Friday 10 February 2017, 14:19 - Regulations
Tuesday 20 December 2016
By Mitch on Tuesday 20 December 2016, 12:51 - Misc
After a long interruption, we continue this series on cybersecurity in medical devices with a review of stakeholders involved or concerned by cybersecurity requirements, and the consequences on architectural choices.
Monday 24 October 2016
By Mitch on Monday 24 October 2016, 16:50 - Regulations
We begin today a series of posts on cybersecurity in medical devices. Cybersecurity was not a subject before the advent of computerized medical devices. Now that every manufacturer wants its connected medical device, cybersecurity matters!
Let's start with the regulations.