If you are fairly new to cybersecurity compliance and have done some research online, you probably quickly noticed that there is a mind-boggling array of overlapping guidance and regulations. Deciphering their relevance to your device can be as confusing as the topic itself. Yet, making sense of your cybersecurity risk obligations starts with understanding which of these documents are “nice to have” versus “need to have.” To help you better understand the cybersecurity compliance landscape, we have created a list […]

A cyber-attacker gains access to a care provider’s computer network through an e-mail phishing trap and assumes command of a file server to which a heart monitor is attached. While scanning the network for devices, the attacker takes control (e.g., power off, continuously reboot) of all heart monitors in the ICU, putting multiple patients at risk. It defies logic why a hacker would want to intentionally harm patients, but this type of threat is definitely not science fiction. It is […]

In our first post we talked about international risk management standards and guidance applicable to medical device software, including the ISO 14971 and IEC 62304 standards. In this post we will discuss specific compliance requirements in the US and Europe for medical device software paired with hardware, and stand-alone Software as a Medical Device (SaMD). Requirements for software risk management in Europe ISO 14971 and IEC 62304 are international standards intended to help you meet regional requirements, such as those imposed […]