Feature: Medical electronics


market surveillance and vigilance.


• 2021 – End of the transitional period for the European Medical Devices Regulation. New devices must now meet the requirements of the MDR before they can be placed on the European market.

In the US, the Food & Drug Administration (FDA) has published several pieces of guidance addressing cybersecurity issues in medical devices. Issued in 2014, the FDA’s guidance “Content of Premarket Submissions for Management of Cybersecurity of Medical Devices” outlines considerations that manufacturers should include as part of their device design and development phases, and which should be documented in their submissions under both its pre-market notification (510(k)) and pre-market approval (PMA) programmes. The FDA’s most recent guidance related to cybersecurity, “Postmarket Management of Cybersecurity in Medical Devices”, was issued in late 2016 and provides a framework for medical device cybersecurity risk management, as well as details on remediating and reporting cybersecurity vulnerabilities.

These and other regulations and guidance reflect the growing cyber threats, as well as the evolution of thinking about how manufacturers can minimise them. However, there continues to be considerable divergence within the industry on the best ways to effectively address cybersecurity issues specific to medical devices.

While there are several industry-accepted standards available that are applicable to cybersecurity issues in general, medical device manufacturers have lacked a life-cycle standard that directly addresses the issue of cybersecurity as it impacts connected medical devices. The absence of a dedicated standard has held back efforts to deploy universal strategies to protect advanced connected medical technologies from current and future cybersecurity attacks.


IEC 81001-5-1: strengthening cybersecurity

To fill this critical void, the International Electrotechnical Commission (IEC) has developed a new standard focused exclusively on cybersecurity issues impacting software used in connected health technologies. This includes medical devices and consumer-orientated health products and applications.

Released in December 2021, after more than three years of discussions and deliberations, IEC 81001-5-1 is an important supplement to IEC 62304, “Medical device software – Software lifecycle processes”, which establishes a common framework for the life cycle processes related to medical device software.

Specifically, IEC 81001-5-1 addresses security issues related to all types of “health software”, which is defined in the standard as: “Software intended to be used specifically for managing, maintaining, or improving the health of individual persons, or the delivery of care, or which has been developed for the purposes of being incorporated into a medical device.”

As this definition clearly confirms, the broader scope of ‘health software’ includes not just manufacturers of medical devices but also software developers, whose products and applications are used in various health-related systems and devices, as well as software as a medical device (SaMD) and software-only products intended for health-related uses.

IEC 81001-5-1 also covers the entire product life-cycle of health software, from product development through post-market use and monitoring. For this reason, the standard also recognises the critical role of healthcare delivery organisations in maintaining effective cybersecurity practices, emphasising the importance of bilateral communications between device manufacturers and software developers, as well as those responsible for the actual use of connected devices.

Like other process-related standards, IEC 81001-5-1 details the activities to be undertaken by the manufacturer or software developer as part of the overall product development life-cycle to help ensure protection against cyberthreats. Specific activities are described in clauses four through to nine of the standard, as follows:

• Clause 4 – General requirements;
• Clause 5 – Software development process;
• Clause 6 – Software maintenance process;
• Clause 7 – Security risk management process;
• Clause 8 – Software configuration process;
• Clause 9 – Software problem resolution process.

IEC 81001-5-1 also includes several informative annexes to help manufacturers and developers meet the requirements of the standard. Annex B provides guidance on the implementation of life-cycle activities to help ensure the security of health software. Annex C provides a detailed discussion of threat modelling, a systematic approach for analysing the security of a device or an application to facilitate the identification and prioritisation of potential security threats. It also offers details on a number of approaches that can be used to develop an accurate threat model.


Harmonised standard

IEC 81001-5-1 is expected to be designated by the EU Commission as a harmonised standard under the MDR with an anticipated effective date in May 2024. The standard is also likely to be recognised by the U.S. FCC as a “consensus standard” that can be used in support of submissions for 510(k) and PMA review. But, regardless of the standard’s actual effective date, connected-device manufacturers and developers of health software can gain significant benefits from meeting the requirements of ISO 81000-5-1 in current and future product designs.

The growing cyber threat landscape for connected medical devices requires that device manufacturers and software developers take a proactive approach in designing their products to minimise the risk of potential cybersecurity vulnerabilities. IEC 81001-5-1 provides a detailed roadmap that manufacturers and developers can adopt, thereby helping to ensure the safety and security of their products, and the end-user patients, through the products’ entire lifecycle.


www.electronicsworld.co.uk March 2023 35

