BG Networks Launches Comprehensive Medical Device Cybersecurity Program

Tools, Services, and Security Workshops to Empower Medical Device Manufacturers to Meet the new FDA Cybersecurity Guidelines 

Intro  On March 29, 2023, the FDA issued an update regarding its guidance for implementing cybersecurity in medical devices.  In addition to a clear set of security requirements, device manufacturers now have a defined timeline for implementing these requirements.   The FDA classifies medical devices as “cyber devices,” meaning that it needs security, if the device: 

  • Contains software 
  • Has a network interface or a USB interface 
  • Could be adversely affected by a cyber-attack   

Medical Device Manufacturer (MDM) are now required to ensure appropriate cybersecurity features are built into the device and to follow a secure development process.    The FDA is serious about enforcing these requirements. Since Oct 1, 2023, they have refused to accept new 510(k) submissions that do not appropriately address cybersecurity.  

FDA Medical Device Cybersecurity Guidelines  

The latest FDA guidelines for pre-market submissions state that MDMs must 

  • Have a process that considers security from the start 
  • Make sure devices are secure and have verified security via testing 
  • Provide a software bill of materials 
  • Submit a plan to monitor and address post market cybersecurity vulnerabilities 
  • Support a software update process for in field devices to address identified vulnerabilities 

The FDA Cybersecurity Guidance does not provide a fixed set of security capabilities that must be implemented. Rather, it provides a set of security principles and practices that must be followed. The guidance encompasses secure development processes, device capabilities, vulnerability management and reporting, and security implementation disclosure requirements.   

Discover BG Networks' Premarket Submission Services

FDA Guidance: Device Capabilities

BG Networks is now providing a comprehensive set of capabilities to enable Medical Device Manufacturers to meet these new requirements.  

Security Workshops for Medical Device Manufacturers 

Our Medical Device Security workshops provide essential information on cybersecurity for embedded software and security engineers. These are hands-on workshops that cover: 

  • Detailed review of FDA security regulations and guidance  
  • Cybersecurity fundamentals for medical devices  
  • Use of security features on embedded processors  
  • How to implement baseline security features  

Workshops can be tailored to the specific needs of the attendees.  

Security Tools 

Building a secure connected medical device is a complex challenge. MDMs must address secure boot, secure firmware updates, intrusion detection, secure communication, and a number of other security controls. BG Networks provides tools and solutions to accelerate this process and reduce the time it takes to build security into your device.  

BG Networks Cybersecurity Solution Map

 

Security Services 

Implementing security for IoT devices is a challenge. Many companies lack the expertise to implement specialized security capabilities, or don’t have resources to implement security without impact on their development schedule. BG Networks can help.   We can assist with developing a Threat Assessment and Risk Analysis to determine what security features need to be implemented within a device. From there, we can assist with building security into your device, or provide automation tools to allow you to implement security features. Once your device is complete, we can provide penetration testing services to ensure security is properly implemented.  

In addition to implementing security for your device, we can provide documentation of the device’s security capabilities to be included with your 510(k) submissions.  

Summary  MDMs must build security into all new devices. 510(k) submissions now require documentation of security features and processes. BG Networks can help. From FDA focused cybersecurity workshops to tools and services, we can help make your device secure and ready for FDA approval.