Biggest Challenges Facing the Connected Medical Device Industry


Connected medical device vulnerabilities continue to proliferate at an alarming rate. Hospital networks are consistently under attack, posing a significant threat to patient safety, and medical device manufacturers are struggling to implement cybersecurity risk management requirements using proven, standardized and collaborative risk management frameworks.

On the regulatory side, conducting a cybersecurity risk assessment is now a mandatory requirement for all connected medical devices. In 2014, FDA issued guidance for premarket cybersecurity risk management, which was quickly followed by a subsequent guidance outlining recommendations for postmarket cybersecurity risk management. This regulatory document sets out expectations for manufacturers to consider cybersecurity throughout the entire lifecycle of a device by developing “a structured and comprehensive program to manage cybersecurity risks” even after their products have been sold.

In this article, we explore the biggest challenges facing the medical device industry with regard to cybersecurity and the benefits of implementing an expert medical device risk assessment software solution such as SelectEvidence® from Nova Leah.

Biggest Challenges Facing the Medical Device Industry with Regard to Cybersecurity

A 2017 Deloitte & Touche LLP poll indicated more than one-third of surveyed professionals in the Internet of Things-connected medical device ecosystem say their organizations have experienced a cybersecurity incident in the past year. This figure is sure to rise, and will result in significant impacts to product development resourcing and costs, patient safety and trust, recalls, and potential regulatory fines.

Further polling by Deloitte exposed the following as top challenges to be addressed…

Figure 1: Key medical cybersecurity challenges – Source: 2017 Deloitte Development LLC, Medical Devices and the Internet of Things: A three-layer defense against cyber threats

SelectEvidence®: the Expert Cybersecurity Risk Management Solution for the Medical Device Industry

The experts at Nova Leah have developed SelectEvidence® to address these very challenges.

SelectEvidence® is a turnkey collaborative cybersecurity expert system that supports medical device manufacturers in designing, verifying and certifying connected medical devices to meet these FDA guidelines and industry security standards. It also assists healthcare providers in the selection, acquisition and risk management of medical devices on their healthcare networks.

SelectEvidence® allows stakeholders to identify cybersecurity requirements for their devices using proven standards within a collaborative framework. SelectEvidence® is supported by state-of-the-art repositories and machine learning capabilities, which inform each step of the risk management process, providing full traceability from risk identification to treatment.

SelectEvidence® facilitates and informs all premarket and postmarket risk management activities. With the functionality to import a Software Bill of Materials (sBoM), SelectEvidence® continuously surveys for newly identified vulnerabilities, alerting users to these findings and suggested mitigations. The system is a cradle-to-grave solution, managing cybersecurity processes from product development, market approval, integration and use to product retirement.

SelectEvidence® can be deployed as a standalone cybersecurity expert system for an individual stakeholder or can be used as a collaborative solution for managing risk and information sharing between both manufacturers and healthcare providers.

SelectEvidence® not only assists medical device manufacturers to fully comply with FDA recommendations, it also:

>   Accelerates medical device design, development and validation
>   Addresses the scarcity of security professional resources challenging many device manufacturers
>   Automatically generates MDS2 forms
>   Breaks down knowledge barriers between manufacturers and healthcare providers, improving the security of a device over its lifetime
>   Produces documentary evidence of compliance to regulators, auditors and customers
>   Reduces costs associated with postmarket surveillance, coordinated vulnerability disclosure and
>   Reduces the likelihood of product recalls due to cybersecurity vulnerabilities
>   Reduces the time spent uncovering vulnerabilities and selecting the appropriate mitigating controls to support a device in operation
>   Reduces time-to-market for new 510k and PMA submissions

Contact Us

For more information about us go to or reach us at 1-617-314-7010