Battelle: Medical device security baseline

The FDA, as a part of its Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, recommends that manufacturers describe how their device addresses cyber security. The description needs to specifically focus on the three components: Confidentiality, Integrity, Availability, also known as CIA.

Confidentiality is roughly equivalent to privacy, as it is a device’s ability to safeguard its data from unapproved access. An example of confidentiality would be only allowing the access of patient data to an approved user, such as the patient’s doctor. Integrity concentrates on maintaining the accuracy and trustworthiness of the device’s assets, ranging from the system’s configuration and its data, to its software applications. For example, when the doctor pulls up a patient’s information, it’s important that that information is accurate. Availability is the concern that the device will serve its core purpose when it is needed. If a patient requires a specific amount of medicine every 20 minutes, it’s critical that the drug delivery mechanism be functional for the duration of the patient’s treatment.

• Email*
• Name*
  First Last
• Company*
• Job Title*
• Phone

The post Battelle: Medical device security baseline appeared first on MassDevice.

from MassDevice http://ift.tt/1RkUwxp