Indian medical device industry views US FDA Premarket Cybersecurity norms to boost customer confidence | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Indian medical devices industry is of the view that the draft of the US FDA Premarket Cybersecurity Guidance as the valuable document. This according to the industry would provide a reasonable assurance that the device and related systems are cyber-secure. With remote patient monitoring and telemedicine being core services in healthcare, many companies have already begun to expand their medical device cybersecurity services portfolio. This is to enable a uniform level of security, visibility, traceability, and audit capability needed for critical access management and data security.

The US FDA guidance on Select Updates for the Premarket Cybersecurity mandates the need for manufacturers of devices to design, develop, and maintain processes and procedures.

According to a section of the medical devices industry here, the guidance holds significant importance for India as it provides a roadmap for ensuring the cybersecurity of devices and related systems, thereby enhancing market access, customer confidence, risk mitigation efforts, competitive positioning, and legal compliance.

Hospitals are increasingly prioritizing cybersecurity measures, including regular risk assessments, implementing robust security protocols, ensuring staff training on cybersecurity best practices, and collaborating with cybersecurity experts to identify and address vulnerabilities in medical devices and hospital networks. Additionally, regulatory bodies and policymakers play a crucial role in establishing and enforcing cybersecurity standards to safeguard patient care and data privacy in the healthcare sector, said Indian medical device companies.

In the guidance, the global regulator has called for the need to update software of medical devices including validation. This is because more devices are connected the internet. It contains technological features that could be vulnerable to cybersecurity threats. These include Wi-Fi or cellular network, server, or cloud service provider connections. In addition bluetooth, radiofrequency communications; hardware connectors capable of connecting to the internet USB, Ethernet and serial port which need to be validated.

Under the section of documentation recommendations to comply for applicable premarket submission types, manufacturers must provide documentation to adhere with the requirements under Section 524B of the FD&C Act.

In this regard, the global regulator suggests three steps. The first is to put a plan in place to monitor, identify, and address in a reasonable time, post-market cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures which the medical device companies need to disclose in their premarket submissions.

Secondly, the regulator insists to develop and release required updates cyber devices to make them fool proof for known unacceptable vulnerabilities available in reasonably justified regular cycle. The companies need to address as soon as possible out of cycle, critical vulnerabilities that could cause uncontrolled risks.

Thirdly, US FDA recommends that manufacturers of cyber devices anticipate and make appropriate updates to these plans, as well as to the processes, and procedures. This will help medical devices companies to counter new risks, threats, vulnerabilities, adverse impacts if discovered throughout the total product lifecycle. “To support such efforts, manufacturers should also create or update appropriate documentation and maintain it throughout the device lifecycle,” said the global regulatory authority.


Click Here For The Original Source.

National Cyber Security