MDMs are now required to provide the following documentation for “cyber devices”:
Hazard analysis, mitigations, and design considerations pertaining to both intentional and unintentional cybersecurity risks associated with their device.
A traceability matrix linked to actual cybersecurity controls to the cybersecurity risks that were considered.
A summary describing the plan for providing validated software updates and patches as needed throughout the product life cycle.
A summary describing controls that are in place to assure that the medical device software will maintain its integrity in transit.
Device instructions for use and product specifications related to recommended cybersecurity controls appropriate for the intended use environment.
For some MDMs this might be a drastic change from what has been done in the past. To avoid any surprises or delays in your submission — after October 1, 2023 — we encourage you to familiarize yourself with the recent guidance. Making our devices more secure minimizes the risk to the manufacturers, hospitals, but more importantly the patients that they serve.
Follow along this week as we break down how the guidance affects your organization. Register for the free webinar on April 11 at 10:30am PT/1:30pm ET to learn more from MedCrypt’s experts.
Get the latest healthcare cybersecurity news right in your inbox.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
We'll never spam you or sell your information