Cybersecurity threats to the healthcare sector have become more frequent, more severe, and more clinically impactful. Related incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the United States and around the world.
In order to demonstrate a reasonable assurance of safety and effectiveness, documentation related to the software validation and risk analysis, is often a necessary part of the premarket submission.
Software device manufacturers may need to establish a cybersecurity vulnerability and management approach, where appropriate, for devices that contain software (including firmware) or programmable logic, as well as software that is a medical device (collectively referred to as “software devices”).
Effective cybersecurity management is intended to decrease the risk of patient harm by reducing device exploitability, which can result in intentional or unintentional compromise of device safety and essential performance.
The requirements of the Quality System Regulation (QSR) apply to the following applications: