Medical Device Cybersecurity Quality Assurance - Webinar CD/Transcript

Quantity Discounts
1 - 2
3 - 4
5 - 6
7 - 9
10 - 9999

Medical Device Cybersecurity Quality Assurance: Requirements, Best Practices and Innovative Approaches

Network connectivity opens up a wealth of possibilities for medical devices, but it also exposes a minefield of potential liabilities. Devices transmit data on the user’s condition to healthcare professionals, but can you be sure the information doesn’t fall into unauthorized hands? Even more vitally, if a device can send data out, malware or hackers could possibly get in. How can you guarantee an attacker won’t be able to affect its functionality?

Do you know the difference between “black hat” and “white hat” hackers? Do you understand how a hacker views a target, what motivates them and what makes a device a target?  How can common malware — not necessarily intended specifically for devices — find its way into devices and connected systems?

Explore what you, as a medical device manufacturer, should be doing with your quality assurance strategies to protect your devices.  Plus, take a deeper dive into how other industries are dealing with this issue through responsible disclosure policies. What does “responsible disclosure” mean to your relationship with regulators?

Take a look at bug bounty programs and how they might work for a medical device development organization. Would you be willing to have security researchers poke and prod within your products and code to identify weak spots?  How would the FDA view these types of quality assurance measures?

Consider what security requirements hospitals use when they procure devices. How do they ensure their own systems stay up and running? Finally, consider how your company should view the information it receives.  Should this be an extension of your formal complaint system?

Learn both sides of the facts, from two of the field’s top experts – one in systems engineering and design, the other in hacking and reverse engineering – before you risk having your company’s devices compromised.

In 90 Minutes You’ll Learn:

  • Why and how hackers find vulnerabilities and target medical devices
  • Real-life scenarios of cybersecurity breaches and their consequences (even an attack not aimed at your device could interfere with it!)
  • The path to incorporate cybersecurity into your quality assurance and safety risk analysis (do you know why cloud connectivity might not be a good idea?)
  • The elements of an effective, cross-functional cybersecurity team (what color are their hats, and why does it matter?)
  • The best practices used to address cybersecurity in other industries, and practical ways medical device manufacturers may apply these (could a bug bounty program work for you?)
  • Information about FDA’s pre-market cybersecurity guidance released in October 2014
  • Policies and procedures companies may consider to prepare for FDA’s upcoming release of post-market surveillance expectations

This course will be of benefit:

  • QA/QC personnel
  • Data management and statistics personnel
  • Engineering and design controls teams
  • Risk management specialists
  • Compliance officers

Meet Your Presenters

Melissa Masters, RAC, (B.S., Electrical & Computer Engineering)
Ms. Masters heads Battelle's DeviceSecure™ Services and has more than 12 years of experience in product development as a project manager, systems engineer and design engineer. She serves as the project manager and lead systems engineer on medical device development programs, as well as sustaining engineering programs. Her responsibilities include project management, task management, leading risk assessments, writing and testing system and subsystem requirements, testing of clinical and prototype devices and conducting clinical trials. Ms. Masters is a voting member of the AAMI working group on cybersecurity for medical devices and has published on a variety of cybersecurity topics in AAMI Horizons, Mass Device, and Fierce Medical Devices. In addition, Ms. Masters holds a Regulatory Affairs Certification (RAC) and has a working knowledge of domestic and international regulatory requirements for medical devices.

Stephanie Preston, CEH, GSEC, EIT, (B.S., Electrical & Computer Engineering)
Ms. Preston is a Certified Ethical Hacker (CEH) in Battelle's Cyber Innovations team, where she focuses on firmware reverse engineering (x86, x86_64, MIPS, 8051), as well as application development (C/C++). She also serves as the team's intellectual property steward, and chairs the Battelle Vulnerability Disclosure Council. Ms. Preston is a registered engineer in training (EIT) in the state of Ohio, holds a (GSEC) Global Information Assurance Certification (GIAC) Security Essentials certification, and a Certified Ethical Hacker (CEH) certification. Ms. Preston has been published on multiple medical device cybersecurity topics in MedDevice Online. She also serves as an adjunct faculty member at the Ohio State University College of Computer Engineering.