TwitterACicon86x90vert facebookACicon86x90vert
TV/Radio XFINITY | WOW! | WBBM | WXRT | B96 + Dance | US99 | K-HITS CHICAGO

   *** SCORES: BEARS | BLACKHAWKS | BULLS | CUBS | FIRE | WHITE SOX ***
YoutubeTwitterFacebookArlingtoncardinalYahoo! Google Bing Aol.ArlingtoncardinalTMZ Rotten Tomatoes ET Online Box Office MojoArlingtoncardinal Channel 9 WGN Channel 7 Chicago ABC Channel 5 Chicago NBC Channel 2 Chicago CBS Daily HeraldChicago Tribune Breaking NewsArlingtoncardinal Chicago Gas PricesFloridaCardinal.comGLOBALCONFLICTMAPS.COM Arlingtoncards.com THE GUIDE

FDA Warns Manufacturers of Medical Devices About Security Measures to Protect Against Hackers

Sat June 15 2013 6:23 am  http://www.arlingtoncardinal.com/?p=63766
 Share The Cardinal -- Arlingtoncardinal.com Articles (E-Mail, Facebook, Twitter & More) 

CHICAGO BEARS RADIO -- WBBM Newsradio 780 "Traffic on the 8's"


CNN Video: The FDA is urging manufacturers to tighten security measures on pacemakers and other medical devices.

A guidance document has been developed by the FDA to assist medical industry manufacturers by identifying issues related to cybersecurity that manufacturers should consider in preparing premarket submissions for medical devices. The need for effective cybersecurity to assure medical device functionality has become more important with the increasing use of wireless, Internet- and network-connected devices, and the frequent electronic exchange of medical device-related health information.

The FDA warns that failure to maintain cybersecurity can result in compromised device functionality, loss of data availability or integrity, or exposure of other connected devices or networks to security threats. These, in turn, have the potential to result in patient illness, injury, or death.

Manufacturers are advised to consider cybersecurity during the design phase of the medical device, as this can result in more robust and efficient mitigation of cybersecurity risks. Manufacturers should define and document the following components of their cybersecurity risk analysis and management plan as part of the risk analysis required by 21 CFR 820.30(g)2 (Medical Device Quality System Regulation and Design Controls):

Identification of assets, threats, and vulnerabilities;
Impact assessment of the threats and vulnerabilities on device functionality;
Assessment of the likelihood of a threat and of a vulnerability being exploited;
Determination of risk levels and suitable mitigation strategies;
Residual risk assessment and risk acceptance criteria.

Cybersecurity Protocols/Security Capabilities
Limit Access to Trusted Users Only
Limit access to devices through the authentication3 of users (e.g., user ID and password, smartcard, biometric);
Use automatic timed user session log-offs appropriate for the use environment;
Employ a layered authorization4 model by differentiating privileges based on the user role (e.g., caregiver, administrator);
Use multi-factor authentication to permit privileged device access (e.g., to administrators, service technicians, maintenance personnel);
Strengthen password protection by avoiding “hardcoded” passwords (i.e., passwords which are the same for each device, difficult to change, and vulnerable to public disclosure) and limit public access to passwords used for privileged device access;
Where appropriate, provide physical locks on devices and their communication ports to minimize tampering;
Require user authentication or other appropriate controls before permitting software or firmware updates, including those affecting the operating system, applications, and anti-malware.

Ensure Trusted Content
Restrict software or firmware updates to authenticated code. One authentication method manufacturers may consider is code signature verification;
Use systematic procedures for authorized users to download version-identifiable software and firmware from the manufacturer;
Ensure secure data transfer to and from the device, and when appropriate, use accepted methods for encryption5.

Use Fail Safe and Recovery Features
Implement fail-safe device features that protect the device’s critical functionality, even when the device’s security has been compromised;
Implement features that allow for security compromises to be recognized, logged, and acted upon;
Provide methods for retention and recovery of device configuration by an authenticated system administrator.

The FDA also recommended guidelines on Cybersecurity Documentation.

Cybersecurity Documentation
The type of documentation that we recommend you submit in your premarket submission is summarized in this section. These recommendations are predicated on your effective implementation and management of the quality system in accordance with the Quality System Regulation, including Design Controls.6

In the premarket submission, manufacturers should provide the following information related to the cybersecurity of their medical device:

Hazard analysis, mitigations, and design considerations pertaining to intentional and unintentional cybersecurity risks associated with your device, including:
A specific list of all cybersecurity risks that were considered in the design of your device;
A specific list and justification for all cybersecurity controls that were established for your device.
A traceability matrix that links your actual cybersecurity controls to the cybersecurity risks that were considered;
To assure continued safe and effective device use, the systematic plan for providing validated updates and patches to operating systems or medical device software, as needed, to provide up-to-date protection and to address the product life-cycle;
Appropriate documentation to demonstrate that the device will be provided to purchasers and users free of malware; and
Device instructions for use and product specifications related to recommended anti-virus software and/or firewall use appropriate for the environment of use, even when it is anticipated that users may use their own virus protection software.

See also …
FDA.gov Medical Devices Content of Premarket Submissions for Management of Cybersecurity in Medical Devices – Draft Guidance for Industry and Food and Drug Administration Staff

CLEAR SKIES?  Weather Data for Saturday, June 15th, 2013

Tags: ,    

IMPORTANT NOTE: All persons referred to as subjects, defendants, offenders or suspects, etc. are presumed to be innocent unless and until proven guilty beyond a reasonable doubt in a court of law.


Try a more powerful search in the box below ... SEARCH BOX PRODUCES RESULTS FOR The Cardinal -- Arlingtoncardinal.com ...
(POWERFUL SEARCH for The Cardinal, which can be expanded on the results page.)

Where background Wikipedia info/photos are used, original work is modified and released under CC-BY-SA.

! MORE NEWS FAST!!! MOST RECENT: CRIMEBLOG | MOST RECENT: FIREBLOG | SUBMIT NEWS TIPS
::: Health, wellness and fitness gifts! CoolFitnessGifts.com ::: Cubs, Sox caps at ChicagoFanfare.com :::

ARLINGTON HEIGHTS BREAKING NEWS --The Cardinal -- Arlingtoncardinal.com is a breaking news blog with Arlington Heights & Chicagoland emphasis. Early breaking reports may prove to be inaccurate after follow-up investigation, which may or may not be updated in The Cardinal -- Arlingtoncardinal.com. For in-depth coverage, please also check the following links for network television, cable news networks and Chicago local media coverage ...

Daily Herald | Daily Herald -- Arlington Heights | YouTube.com/DailyHeraldClips
Today's headline videos: FOXNews Video | YouTube.com/FoxNews | Associated Press | The Cardinal
Chicago Area Newspapers
CNN Arlington Heights  FOXNEWS  BREITBART.COM  cbs2chicago  NBC 5 Chicago  abc7chicago   WGNTV      WGNRADIO720  NEWSRADIO 78  CHICAGO BREAKING NEW  Daily Herald Arlington Heights  Chicago Tribune   Seed Newsvine
 
Video LOGO youtube Twitter Arlingtoncards facebook battery status Cardinal Calendar Search Batteries Plus RSS Help ...
All Headlines
crimeblog | fireblog
« EARLIER | SEARCH ARTICLES BY DATE -- Arlingtoncardinal.com/searchdate | LATER »

Comments for Arlingtoncardinal.com
COMMENTS are now available via one or more of our official Facebook pages. Comments no longer appear on the Arlingtoncardinal.com article per se. Please comment on Facebook.com/ArlingtonCardinal or check the other popular Arlington Cardinal Facebook pages at Arlingtoncardinal.com/about/facebook ...

SUBMIT CRIME TIPS ...
Anyone having information about serious crime in Arlington Heights should register on CitizenObserver.com and look for the anonymous TIP411 feature, or call Arlington Heights Crime Stoppers at 847-590-STOP (847-590-7867). Callers are guaranteed anonymity and may qualify for a cash reward of up to $1,000. Not a resident of Arlington Heights? Check CitizenObserver.com for availability for your community.

   Arlingtoncardinal.com/traffic | Traffic on Twitter

CHICAGOLAND RADAR


Weather radar map is provided by DarkSky.net
Arl Hts Weather | NEXRAD | FULL SCREEN RADAR

RSS Cardinal Weather Center

US & WORLD NEWS

Top News Video …

CHICAGOFIREMAP.NET TWITTER

digital-lifestyle.com

TMZ Plus …

RSS OBITUARIES