BG Networks Launches Comprehensive Medical Device Cybersecurity Program
Tools, Services, and Security Workshops to Empower Medical Device Manufacturers to Meet the new FDA Cybersecurity Guidelines
Intro On March 29, 2023, the FDA issued an update regarding its guidance for implementing cybersecurity in medical devices. In addition to a clear set of security requirements, device manufacturers now have a defined timeline for implementing these requirements. The FDA classifies medical devices as “cyber devices,” meaning that it needs security, if the device:
- Contains software
- Has a network interface or a USB interface
- Could be adversely affected by a cyber-attack
Medical Device Manufacturer (MDM) are now required to ensure appropriate cybersecurity features are built into the device and to follow a secure development process. The FDA is serious about enforcing these requirements. They have stated that, beginning Oct 1, 2023, they will refuse to accept new 510(k) submissions that do not appropriately address cybersecurity.
FDA Medical Device Cybersecurity Guidelines
The latest FDA guidelines for pre-market submissions state that MDMs must
- Have a process that considers security from the start
- Make sure devices are secure and verifying security via testing
- Provide a software bill of materials
- Submit a plan to monitor and address post market cybersecurity vulnerabilities
- Support a software update process for in field devices to address identified vulnerabilities
The FDA Cybersecurity Guidance does not provide a fixed set of security capabilities that must be implemented. Rather, it provides a set of security principles and practices that must be followed. The guidance encompasses secure development processes, device capabilities, vulnerability management and reporting, and security implementation disclosure requirements.
FDA Guidance: Device Capabilities
BG Networks is now providing a comprehensive set of capabilities to enable Medical Device Manufacturers to meet these new requirements.
Security Workshops for Medical Device Manufacturers
Our Medical Device Security workshops provide essential information on cybersecurity for embedded software and security engineers. These are hands-on workshops that cover:
- Detailed review of FDA security regulations and guidance
- Cybersecurity fundamentals for medical devices
- Use of security features on embedded processors
- How to implement baseline security features
Workshops can be tailored to the specific needs of the attendees.
Building a secure connected medical device is a complex challenge. MDMs must address secure boot, secure firmware updates, intrusion detection, secure communication, and a number of other security controls. BG Networks provides tools and solutions to accelerate this process and reduce the time it takes to build security into your device.
BG Networks Cybersecurity Solution Map
Implementing security for IoT devices is a challenge. Many companies lack the expertise to implement specialized security capabilities, or don’t have resources to implement security without impact on their development schedule. BG Networks can help. We can assist with developing a Threat Assessment and Risk Analysis (TARA) to determine what security features need to be implemented within a device. From there, we can assist with building security into your device, or provide automation tools to allow you to implement security features. Once your device is complete, we can provide penetration testing services to ensure security is properly implemented.
In addition to implementing security for your device, we can provide documentation of the device’s security capabilities to be included with your 510(k) submissions.
Summary MDMs must build security into all new devices. 510(k) submissions now require documentation of security features and processes. BG Networks can help. From FDA focused cybersecurity workshops to tools and services, we can assure your device is secure and ready for FDA approval.