FDAnews Device Daily Bulletin
Medical Devices / Regulatory Affairs

Manufacturers Need Cyber Risk Assessment Team, Framework

Dec. 19, 2016

Protecting medical devices against cyber threats will require manufacturers to assemble an assessment team with a broad understanding of each device’s design, intended use and data functions.

Manufacturers also need to develop a comprehensive risk assessment framework to help identify assets and cybersecurity risks, link those risks to appropriate cybersecurity controls, assess the impact of cyber vulnerabilities on device functionality and users, assess whether vulnerabilities can be exploited, and determine mitigation strategies, says Nick Sikorski, senior consultant with Deloitte & Touche.

To make the framework successful, the assessment team needs to understand how the product being assessed works, including the software it uses, network characteristics, the type of information the device collects and uses, and any physical security features it has, Sikorski told an FDAnews webinar. — Jeff Kinney

View today's stories