Cybersecurity threats to the healthcare sector have become more frequent, more severe, and more clinically impactful. Related incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the United States and around the world.
In order to demonstrate a reasonable assurance of safety and effectiveness, documentation related to the software validation and risk analysis, is often a necessary part of the premarket submission.
Software device manufacturers may need to establish a cybersecurity vulnerability and management approach, where appropriate, for devices that contain software (including firmware) or programmable logic, as well as software that is a medical device (collectively referred to as “software devices”).
Effective cybersecurity management is intended to decrease the risk of patient harm by reducing device exploitability, which can result in intentional or unintentional compromise of device safety and essential performance.
The requirements of the Quality System Regulation (QSR) apply to the following applications:
Healthcare organizations must provide mobile and remote employees with highly secure and encrypted access to internal systems and devices that are protected against emergent mobile-based attacks.
Transmission of sensitive electronic personal health information (ePHI) across internal Multiprotocol Label Switching (MPLS) networks, and sharing data with third-party suppliers, such as medical labs over the internet, must be handled in accordance with regulatory requirements like Health Insurance Portability and Accountability Act (HIPAA), Health Information Trust Alliance (HITRUST) and the General Data Protection Regulation (GDPR).
Companies (establishments) that are involved in the production and distribution of medical devices intended for use in the United States, are required to register and list their products with the U.S. Food and Drug Administration, then renew their registration between October 1 and December 31, each year.