Medical Device Software Cybersecurity and IEC 62304 Compliance
About the Event
This session will provide some insight into current trends in cybersecurity threats to medical devices and how to follow industry best practices to prevent and/or mitigate these threats.
Cybersecurity is a serious concern for medical device safety and effectiveness. Without protection, software running on a medical device could cause severe injury or death to a patient. There are many forms of cybersecurity and many remedies for thwarting attempts to penetrate medical device software. Most of these are based in physical and logical security practices that are becoming best industry practices. This webinar will detail some of the threats and ways to mitigate them to protect consumers from harm.
This webinar will also focus on IEC 62304. Medical devices can use very complex software applications, and any failure to function properly could lead to potential injury or death of a consumer or patient. There is a need to improve overall standards for medical device software to account for this high risk potential. The majority of software recalls in the 1990s were due to software defects that were a result of software being upgraded.
There is a need to restructure medical device software development processes, and adopting IEC 62304 provides a standard for design that is accepted in the United States (US) and European Union (EU). IEC 62304 is a risk-based approach to compliance that ensures the standards followed are appropriate for their potential assessed risk. IEC 62304 is a lifecycle approach that defines the activities and tasks required to ensure software for medical devices will be safe and reliable. Applying IEC 62304 will reduce your overall rate of software failure and improve your bottom line.
Carolyn (McKillop) Troiano has more than 35 years of experience in the tobacco, pharmaceutical, medical device and other FDA-regulated industries. She has worked directly, or on a consulting basis, for many of the larger pharmaceutical and tobacco companies in the US and Europe, developing and executing compliance strategies and programs. Carolyn is currently active in the Association of Information Technology Professionals (AITP) and Project Management Institute (PMI) chapters in the Richmond, VA area. She developed validation programs and strategies back in the mid-1980s, when the first FDA guidebook was published on the subject, and collaborated with FDA and other industry representatives on 21 CFR Part 11, the FDA's electronic record/electronic signature regulation.