Presentation
MDD16 - Incorporating Recommendations From the FDA’s Recent Final Guidance on Cybersecurity Risks in Medical Devices Into Your Human Factors Engineering Process
Session
Poster Session 1
Description
The FDA has issued a final guidance, Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions, intended to promote consistency, facilitate efficient premarket review, and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.
In the guidance, the FDA provides its recommendations to industry regarding cybersecurity device design, labeling, testing, and the documentation that it recommends be included in premarket submissions for devices with cybersecurity risk. This guidance document is applicable to devices with cybersecurity considerations, including but not limited to devices that have a device software function or that contain software (including firmware) or programmable logic.
The final document provides guidance on how certain cybersecurity risks should be mitigated, designed, and tested throughout a connected medical device's human factors engineering (HFE) process. The HFE process should focus on use-related cybersecurity risks or those that are "transferred to the user." Based on the guidance, these risks are those that are managed by a user's actions in place of or in conjunction with another part of the device (i.e., asset, system, network, or geographic area).
The guidance lists specific considerations for labeling and testing use-related cybersecurity risks but not the actionable steps for implementing them in the different phases of the medical device's development lifecycle. Based on experience working for medical device manufacturers, this poster outlines the concrete steps that HFEs should follow in the design controls product development process to demonstrate and document that adequate steps have been taken to adhere to this guidance.
Event Type
Poster Presentation
Time
Monday, March 31, 4:45pm - 6:15pm EDT
Location
Frontenac Foyer
Digital Health (DH)
Simulation and Education (SE)
Hospital Environments (HE)
Medical and Drug Delivery Devices (MDD)
Patient Safety and Research Initiatives (PS)
