Cybersecurity and Standards

The technology expansion is pushing the options for medical device connectivity. The options and configurations used to be relatively limited. Connectivity continues to grow in its different forms. While this is great for the industry, doctors, and patients, applied cybersecurity also needs to be addressed in every step of the way.

These connected devices connect to the network using Bluetooth, BLE, or WIFI for communications. If configured correctly and cybersecurity being incorporated throughout the process, generally this should work well. To assist with this and provide guidance there are standards for medical devices (e.g., IEC 62304, ISO 14971, and FDA guidance). These provide directed guidance. The key though is documentation. The documents need to show not only you have secured these standards but have implemented them. Part of the plan and implementation includes the product’s risk analysis. I mention this specifically is the risk analysis or TARA is the bedrock for risk analysis. When thorough this will show the vulnerabilities, which need to be addressed. This system’s review will build a solid cybersecurity plan and product for your customers.

About the Author

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.