{"id":7221,"date":"2023-12-03T23:57:27","date_gmt":"2023-12-03T23:57:27","guid":{"rendered":"https:\/\/www.orielstat.com\/blog\/?p=7221"},"modified":"2024-01-12T20:29:24","modified_gmt":"2024-01-12T20:29:24","slug":"fda-medical-device-cybersecurity-regulatory-requirements","status":"publish","type":"post","link":"https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/","title":{"rendered":"FDA Medical Device Cybersecurity: Understanding Your Basic Regulatory Requirements"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"7221\" class=\"elementor elementor-7221\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1b0c5cde elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1b0c5cde\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6dd05cd3\" data-id=\"6dd05cd3\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-7ca59751 blog-details-page elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"7ca59751\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-66 elementor-top-column elementor-element elementor-element-6ea4084d\" data-id=\"6ea4084d\" data-element_type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3fab5c3f elementor-widget elementor-widget-post-info\" data-id=\"3fab5c3f\" data-element_type=\"widget\" data-widget_type=\"post-info.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<link rel=\"stylesheet\" href=\"https:\/\/www.orielstat.com\/blog\/wp-content\/uploads\/elementor\/css\/custom-widget-icon-list.min.css?ver=0\"><link rel=\"stylesheet\" href=\"https:\/\/www.orielstat.com\/blog\/wp-content\/plugins\/elementor-pro\/assets\/css\/widget-theme-elements.min.css\">\t\t<ul class=\"elementor-inline-items elementor-icon-list-items elementor-post-info\">\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-7f6be35 elementor-inline-item\" itemprop=\"datePublished\">\n\t\t\t\t\t\t<a href=\"https:\/\/www.orielstat.com\/blog\/2023\/12\/03\/\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-date\">\n\t\t\t\t\t\t\t\t\t\tDecember 3, 2023\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5f16c1c2 elementor-widget elementor-widget-heading\" data-id=\"5f16c1c2\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.16.0 - 17-10-2023 *\/\n.elementor-heading-title{padding:0;margin:0;line-height:1}.elementor-widget-heading .elementor-heading-title[class*=elementor-size-]>a{color:inherit;font-size:inherit;line-height:inherit}.elementor-widget-heading .elementor-heading-title.elementor-size-small{font-size:15px}.elementor-widget-heading .elementor-heading-title.elementor-size-medium{font-size:19px}.elementor-widget-heading .elementor-heading-title.elementor-size-large{font-size:29px}.elementor-widget-heading .elementor-heading-title.elementor-size-xl{font-size:39px}.elementor-widget-heading .elementor-heading-title.elementor-size-xxl{font-size:59px}<\/style><h1 class=\"elementor-heading-title elementor-size-default\">FDA Medical Device Cybersecurity: Understanding Your Basic Regulatory Requirements<\/h1>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bbfa4ae elementor-widget elementor-widget-image\" data-id=\"bbfa4ae\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.16.0 - 17-10-2023 *\/\n.elementor-widget-image{text-align:center}.elementor-widget-image a{display:inline-block}.elementor-widget-image a img[src$=\".svg\"]{width:48px}.elementor-widget-image img{vertical-align:middle;display:inline-block}<\/style>\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/www.orielstat.com\/blog\/wp-content\/uploads\/2019\/06\/software-engineer-examining-code_Resized-1104W736H.jpg\" class=\"attachment-full size-full wp-image-1952\" alt=\"software engineer examining\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1005398 elementor-widget elementor-widget-text-editor\" data-id=\"1005398\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.16.0 - 17-10-2023 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-medium wp-image-1952\" src=\"https:\/\/www.orielstat.com\/blog\/wp-content\/uploads\/2019\/06\/software-engineer-examining-code_Resized-1104W736H.jpg\" alt=\"software engineer examining\" width=\"1\" height=\"1\" \/>A hacker gains access to someone\u2019s insulin pump via their wi-fi network and then overdoses the patient, killing them. A \u201cmade for TV\u201d fantasy? Unfortunately, no. In 2019 the FDA identified this very real risk to devices made by one of the largest medical device companies in the world.<\/p><p>Fortunately, there is no money to be made in inflicting harm on innocent patients, so hackers generally focus on breaching healthcare computer networks containing patient data, financial records, etc. However, the apparent rarity of direct medical device security breaches by hackers does not absolve you of regulatory responsibility to take precautions to prevent them. Manufacturers, hospital\/clinics, and users all play a role in preventing intrusion.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c822fb5 elementor-widget elementor-widget-heading\" data-id=\"c822fb5\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Planning and managing device security requires a cross-functional focus, including quality\/regulatory and design coordination.<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b959ace elementor-widget elementor-widget-text-editor\" data-id=\"b959ace\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>If your device connects to any sort of network, cybersecurity needs to be an important factor in your risk management process. The risks posed by security breaches are omnipresent and always evolving, so your risk analysis needs to take into account the likelihood that your device could be hacked and the severity of the harm if a vulnerability were exploited. You will need to work with your engineering and design team to make this assessment.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2a9f948 elementor-widget elementor-widget-heading\" data-id=\"2a9f948\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">FDA places medical device cybersecurity risks into two buckets<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d0df07 elementor-widget elementor-widget-text-editor\" data-id=\"4d0df07\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>FDA has published a draft guidance document intended to help manufacturers meet FDA guidelines for 510(k) or PMA submissions. In the document, FDA considers devices that connect to the internet, a network, or another device \u2013 and where an intrusion could result in harm to multiple patients \u2013 to be a Tier 1 (higher risk) device. Examples include devices such as pacemakers, brain stimulators, dialysis devices, infusion and insulin pumps, and connected systems that interact with these devices. Pretty much all other connected devices are considered Tier 2 (standard risk). It is important to note that this classification does not align with FDA device classification policies, a class II device such as an infusion pump may be a Tier 1 cybersecurity risk device, while a class III device such as a cardiac atherectomy device may be a Tier 2 cybersecurity device.<\/p><h5>\u00a0<\/h5><h3>Yes, you are responsible for off-the-shelf (OTS) software embedded in your device<\/h3><p>Many device manufacturers assume that OTS software incorporated into their device has been thoroughly tested for security vulnerabilities, and that the device manufacturer bears no responsibility for testing it further. Despite what an OEM supplier has done to test and validate their software, FDA still considers you responsible for 100% of your device, not 90%. This means that you must establish a cybersecurity vulnerability and management approach as part of the software validation and risk analysis plan. FDA issued a very short Q&amp;A document on\u00a0medical device OTS software\u00a0technology light years ago (2005), but it is worth reviewing because the document addresses some common questions you may have.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-45688d7 elementor-widget elementor-widget-heading\" data-id=\"45688d7\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Standardized form and cybersecurity bill of materials (SBOM)<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cad6a9e elementor-widget elementor-widget-text-editor\" data-id=\"cad6a9e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The increased focus on awareness and scrutiny of cybersecurity issues has also led to the development of a standardized form that allows manufacturers to disclose the security-related features of their medical devices. The\u00a0<a href=\"https:\/\/www.nema.org\/Standards\/Pages\/Manufacturer-Disclosure-Statement-for-Medical-Device-Security.aspx\">MDS2 form<\/a>, developed by the Healthcare Information and Management Systems Society (HIMSS) and the Association of Electrical Equipment and Medical Imaging Manufacturers, allows buyers to more easily assess the vulnerabilities and risks associated with a specific medical device.<\/p><p>Complementary to the MDS2 documents is the cybersecurity bill of materials (SBOM) floated by FDA. This is a comprehensive list of all software packages incorporated into the build of software.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d85a2b5 elementor-widget elementor-widget-heading\" data-id=\"d85a2b5\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Cybersecurity throughout the device life cycle and beyond<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-201f9f3 elementor-widget elementor-widget-text-editor\" data-id=\"201f9f3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>A final thing to keep in mind is the risk posed to patients and users after you stop supporting the device. What risks exist for older models once software patches are no longer offered? How will you deal with them? This needs to be part of your overall risk assessment and addressed in your postmarket surveillance plan.<\/p><p>While there has yet to be a published widespread attack on medical devices in the US, it does not diminish the importance of remaining vigilant and taking precautionary steps to prevent such an attack from happening. The number of medical devices connected to the internet and other networks will surely continue to grow, and with it comes the risk that hackers will engage in nefarious activities. Manufacturers must remain vigilant and follow current best practices for cybersecurity.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4db3270 elementor-widget elementor-widget-heading\" data-id=\"4db3270\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Want to learn more?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-588334c elementor-widget elementor-widget-text-editor\" data-id=\"588334c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Oriel STAT A MATRIX offers a variety of training classes that can bring your understanding of risk management to the next level. Our\u00a0<a href=\"https:\/\/www.orielstat.com\/courses\/ISO-14971-risk-management-for-medical-devices\">ISO 14971 training class<\/a>\u00a0is one of our most popular along with our\u00a0<a href=\"https:\/\/www.orielstat.com\/training\/medical-device-cybersecurity-risk-training\">cybersecurity training<\/a>. Of course, our\u00a0<a href=\"https:\/\/www.orielstat.com\/practice\/ISO-14971-medical-device-risk-management-and-assurance-training-and-consulting\">risk consultants<\/a>\u00a0are ready to help as well.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-375d07a3 elementor-widget elementor-widget-shortcode\" data-id=\"375d07a3\" data-element_type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-shortcode\"><div class=\"container\">\n    <div class=\"col-lg-12 col-md-12\">\n        <h5 class=\"elementor-heading-title elementor-size-default\">Our team is here to help. <a href=\"javascript:void(0);\" rel=\"nofollow\" noindex=\"noindex\">Contact us online<\/a><\/h5>\n        <h5 class=\"elementor-heading-title elementor-size-default\">or<\/h5>\n        <h6 class=\"elementor-heading-title elementor-size-default\">Get answers right now. Call<\/h6>\n    <\/div>\n    <div id=\"Bottom_icons1_DivOfficePhone\" class=\"row new_update_add\">\n<div class=\"col-lg-6 col-md-12 borderbottom\">\n <div class=\"block-text1\">\n     <img decoding=\"async\" src=\"https:\/\/www.orielstat.com\/blog\/wp-content\/uploads\/2023\/11\/us-flag.jpg\">\n     <p>\n         <b>US Office<\/b>Washington DC<\/p>\n <\/div>\n <p>\n     <a href=\"tel:1.800.472.6477\">1.800.472.6477<\/a><\/p>\n<\/div>\n<div class=\"col-lg-6 col-md-12\">\n <div class=\"block-text1\">\n     <p>\n         <b>EU Office<\/b>Cork, Ireland<\/p>\n     <img decoding=\"async\" src=\"https:\/\/www.orielstat.com\/blog\/wp-content\/uploads\/2023\/11\/eu-flag.jpg\" class=\"img-right-sec\">\n <\/div>\n <p>\n     <a href=\"tel:+353 21 212 8530\">+353 21 212 8530<\/a><\/p>\n<\/div>\n<\/div>\n<\/div><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-750efe46\" data-id=\"750efe46\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bd67b4b elementor-widget elementor-widget-sidebar\" data-id=\"bd67b4b\" data-element_type=\"widget\" id=\"top\" data-widget_type=\"sidebar.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<section id=\"search-2\" class=\"widget widget_search\"><form role=\"search\" method=\"get\" class=\"search-form\" action=\"https:\/\/www.orielstat.com\/blog\/\">\n\t\t\t\t<label>\n\t\t\t\t\t<span class=\"screen-reader-text\">Search for:<\/span>\n\t\t\t\t\t<input type=\"search\" class=\"search-field\" placeholder=\"Search &hellip;\" value=\"\" name=\"s\" \/>\n\t\t\t\t<\/label>\n\t\t\t\t<input type=\"submit\" class=\"search-submit\" value=\"Search\" \/>\n\t\t\t<\/form><\/section><section id=\"block-2\" class=\"widget widget_block\">\n<figure class=\"wp-block-image size-large\"><a href=\"#mailmunch-pop-545876\"><img decoding=\"async\" src=\"https:\/\/www.orielstat.com\/blog\/wp-content\/uploads\/2017\/06\/Blog-subscribe.jpg\" alt=\"\"><\/a><\/figure><\/section><section id=\"categories-3\" class=\"widget widget_categories\"><h2 class=\"widget-title\">Search by Topic<\/h2>\n\t\t\t<ul>\n\t\t\t\t\t<li class=\"cat-item cat-item-12\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/all-medical-device-ra-qa\/\">All Category<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-74\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/ai\/\">Artificial Intelligence (AI)<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-64\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/auditing\/\">Auditing<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-71\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/capa\/\">CAPA<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-20\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/capa-for-medical-devicecompliance\/\">CAPA and Root Cause Analysis<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-27\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/clinical-evaluation-reports\/\">Clinical Evaluation Reports<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-59\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/combination-products\/\">Combination Products<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-23\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/complaint-handling-postmarket-surveillance\/\">Complaint Handling and PMS<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-33\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/design-control\/\">Design Control<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-34\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/in-vitro-diagnostics-ivdr\/\">EU IVDR (2017\/746)<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-16\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/eu-medical-device-regulation\/\">EU MDR (2017\/745)<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-14\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/us-fda-qsr\/\">FDA 21 CFR Part 820<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-21\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/510k-submissions\/\">FDA 510(k) Submissions<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-69\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/fda-eua\/\">FDA EUA<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-4\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/iso-134852016\/\">ISO 13485 QMS Compliance<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-30\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/risk-management-iso14971\/\">ISO 14971 Risk Management<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-40\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/laboratory-developed-tests-ldt\/\">Lab Developed Tests<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-66\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/labeling\/\">Labeling<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-18\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/mdsap\/\">MDSAP<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-58\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/pharmaceutical\/\">Pharmaceuticals<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-28\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/qms-auditing\/\">QMS Auditing<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-72\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/qmsr\/\">QMSR<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-73\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/regulatory-compliance\/\">Regulatory Compliance<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-65\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/software\/\">Software<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-63\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/software-cybersecurity\/\">Software and Cybersecurity<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-32\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/supplier-management\/\">Supplier Management<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-67\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/training\/\">Training<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-1\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/medical-device-ra-qa\/\">Uncategorized<\/a>\n<\/li>\n\t<li class=\"cat-item cat-item-35\"><a href=\"https:\/\/www.orielstat.com\/blog\/category\/validation\/\">Validation<\/a>\n<\/li>\n\t\t\t<\/ul>\n\n\t\t\t<\/section>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>FDA Medical Device Cybersecurity: Understanding Your Basic Regulatory Requirements A hacker gains access to someone\u2019s insulin pump via their wi-fi network and then overdoses the patient, killing them. A \u201cmade for TV\u201d fantasy? Unfortunately, no. In 2019 the FDA identified this very real risk to devices made by one of the largest medical device companies [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1952,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"elementor_header_footer","format":"standard","meta":[],"categories":[65],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\r\n<title>Oriel STAT A MATRIX &#8211; ELIQUENT Life Sciences Blog<\/title>\r\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\r\n<link rel=\"canonical\" href=\"https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/\" \/>\r\n<meta property=\"og:locale\" content=\"en_US\" \/>\r\n<meta property=\"og:type\" content=\"article\" \/>\r\n<meta property=\"og:description\" content=\"FDA Medical Device Cybersecurity: Understanding Your Basic Regulatory Requirements A hacker gains access to someone\u2019s insulin pump via their wi-fi network and then overdoses the patient, killing them. A \u201cmade for TV\u201d fantasy? Unfortunately, no. In 2019 the FDA identified this very real risk to devices made by one of the largest medical device companies [&hellip;]\" \/>\r\n<meta property=\"og:url\" content=\"https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/\" \/>\r\n<meta property=\"og:site_name\" content=\"Oriel STAT A MATRIX - ELIQUENT Life Sciences Blog\" \/>\r\n<meta property=\"article:published_time\" content=\"2023-12-03T23:57:27+00:00\" \/>\r\n<meta property=\"article:modified_time\" content=\"2024-01-12T20:29:24+00:00\" \/>\r\n<meta property=\"og:image\" content=\"https:\/\/www.orielstat.com\/blog\/wp-content\/uploads\/2019\/06\/software-engineer-examining-code_Resized-1104W736H.jpg\" \/>\r\n\t<meta property=\"og:image:width\" content=\"1\" \/>\r\n\t<meta property=\"og:image:height\" content=\"1\" \/>\r\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\r\n<meta name=\"author\" content=\"usr192162\" \/>\r\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\r\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"usr192162\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\r\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Oriel STAT A MATRIX &#8211; ELIQUENT Life Sciences Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/","og_locale":"en_US","og_type":"article","og_description":"FDA Medical Device Cybersecurity: Understanding Your Basic Regulatory Requirements A hacker gains access to someone\u2019s insulin pump via their wi-fi network and then overdoses the patient, killing them. A \u201cmade for TV\u201d fantasy? Unfortunately, no. In 2019 the FDA identified this very real risk to devices made by one of the largest medical device companies [&hellip;]","og_url":"https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/","og_site_name":"Oriel STAT A MATRIX - ELIQUENT Life Sciences Blog","article_published_time":"2023-12-03T23:57:27+00:00","article_modified_time":"2024-01-12T20:29:24+00:00","og_image":[{"url":"https:\/\/www.orielstat.com\/blog\/wp-content\/uploads\/2019\/06\/software-engineer-examining-code_Resized-1104W736H.jpg","width":1,"height":1,"type":"image\/jpeg"}],"author":"usr192162","twitter_card":"summary_large_image","twitter_misc":{"Written by":"usr192162","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/#article","isPartOf":{"@id":"https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/"},"author":{"name":"usr192162","@id":"https:\/\/www.orielstat.com\/blog\/#\/schema\/person\/a775f07c9602a3521143e80692594553"},"headline":"FDA Medical Device Cybersecurity: Understanding Your Basic Regulatory Requirements","datePublished":"2023-12-03T23:57:27+00:00","dateModified":"2024-01-12T20:29:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/"},"wordCount":811,"publisher":{"@id":"https:\/\/www.orielstat.com\/blog\/#organization"},"articleSection":["Software"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/","url":"https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/","name":"","isPartOf":{"@id":"https:\/\/www.orielstat.com\/blog\/#website"},"datePublished":"2023-12-03T23:57:27+00:00","dateModified":"2024-01-12T20:29:24+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.orielstat.com\/blog\/fda-medical-device-cybersecurity-regulatory-requirements\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.orielstat.com\/blog\/#website","url":"https:\/\/www.orielstat.com\/blog\/","name":"Oriel STAT A MATRIX Blog","description":"","publisher":{"@id":"https:\/\/www.orielstat.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.orielstat.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.orielstat.com\/blog\/#organization","name":"Oriel STAT A MATRIX Blog","url":"https:\/\/www.orielstat.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.orielstat.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.orielstat.com\/blog\/wp-content\/uploads\/2024\/01\/OSAM-Eliquent-logo-color.png","contentUrl":"https:\/\/www.orielstat.com\/blog\/wp-content\/uploads\/2024\/01\/OSAM-Eliquent-logo-color.png","width":1458,"height":1042,"caption":"Oriel STAT A MATRIX Blog"},"image":{"@id":"https:\/\/www.orielstat.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.orielstat.com\/blog\/#\/schema\/person\/a775f07c9602a3521143e80692594553","name":"usr192162","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.orielstat.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1412cb81dc66fbc000fb222b1ea52700?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1412cb81dc66fbc000fb222b1ea52700?s=96&d=mm&r=g","caption":"usr192162"},"url":"https:\/\/www.orielstat.com\/blog\/author\/usr192162\/"}]}},"_links":{"self":[{"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/posts\/7221"}],"collection":[{"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/comments?post=7221"}],"version-history":[{"count":23,"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/posts\/7221\/revisions"}],"predecessor-version":[{"id":8279,"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/posts\/7221\/revisions\/8279"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/media\/1952"}],"wp:attachment":[{"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/media?parent=7221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/categories?post=7221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.orielstat.com\/blog\/wp-json\/wp\/v2\/tags?post=7221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}