search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
MEDICAL EQUIPMENT u TỮV SỮD


Cybersecurity of medical devices


Like other data sets, health-related data includes confidential information that could be misused when accessed by those with malicious intent, says Joe Lomako, business development manager (IoT) at TÜV SÜD


U


nfortunately, instances of cyberattacks against connected medical devices are becoming all too common, and sensitive


data collected by connected medical devices could be vulnerable to cybersecurity threats and breaches.


With the anticipated growth in the deployment and use of connected medical devices, the number of cyberattacks is only likely to increase. Amidst this growing threat landscape, regulators in major jurisdictions are increasingly aware of the need to provide the industry with clearer and more direct regulations and guidance on developing connected medical devices that can help secure them from the most likely cyber threats. While there are a number of industry- accepted standards available that are applicable to cybersecurity issues in general, medical device manufacturers have lacked a life cycle standard that directly addresses the issue of cybersecurity as it impacts connected medical devices. The absence of a dedicated standard has held


back efforts to deploy common strategies to protect advanced connected medical technologies from current and future cybersecurity concerns.


CYBERSECURITY FOCUS To fill this critical void, the International Electrotechnical Commission (IEC) has developed a new standard focused exclusively on cybersecurity issues impacting software used in connected health technologies. This includes medical devices, and consumer-oriented health products and applications.


Released in December 2021 after more than


three years of discussions and deliberations, IEC 81001-5-1 is an important supplement to IEC 62304, “Medical device software – Software lifecycle processes”, which establishes a common framework for the life cycle processes related to medical device software. Specifically, IEC 81001-5-1 addresses security


issues related to all types of “health software,” which is defined in the standard as: “Software intended to be used specifically for managing, maintaining, or improving the health of individual persons, or the delivery of care, or which has been developed for the purposes of being incorporated


30 July/August 2023 Irish Manufacturing


into a medical device.” As this definition clearly confirms, the broader scope of “health software” includes not just manufacturers of medical devices but also software developers, whose products and applications are used in a variety of health-related systems and devices, as well as software as a medical device (SaMD) and software-only products intended for health-related uses. IEC 81001-5-1 also covers the entire product


life cycle of health software, from product development through post-market use and monitoring. For this reason, the standard also recognises the critical role of healthcare delivery organisations in maintaining effective cybersecurity practices, emphasising the importance of bilateral communications between device manufacturers and software developers, as well as those responsible for the actual use of connected devices. Like other process-related standards, IEC 81001-5-1 details the activities to be undertaken by the manufacturer or software developer as part of the overall product development life cycle to help ensure protection against cyberthreats. Specific activities are described in clause four through to nine of the standard, as follows:


Clause 4 – General requirements; Clause 5 – Software development process; Clause 6 – Software maintenance process; Clause 7 – Security risk management process;


Clause 8 – Software configuration process; and Clause 9 – Software problem resolution process.


IEC 81001-5-1 also includes several informative


Annexes that can help manufacturers and developers meet the requirements of the standard. Annex B provides guidance on the implementation of life cycle activities to help ensure the security of health software. Annex C provides a detailed discussion of


the threat modelling, a systematic approach for analysing the security of a device or an application to facilitate the identification and prioritisation of potential security threats. It also offers details on a number of approaches that can be used to develop an accurate threat model. Few innovations in recent memory have done


more to transform healthcare than the use of connected technologies. However, they also introduce a number of potentially significant cybersecurity risks. The growing cyber threat landscape for connected medical devices requires that device manufacturers and software developers take a proactive approach in designing their products to minimise the risk of potential cybersecurity vulnerabilities.


IEC 81001-5-1 provides a detailed roadmap that


manufacturers and developers can adopt, thereby helping to ensure the safety and security of their products through the entire lifecycle.


www.irish-manufacturing.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46