SOLD OUT - Cybersecurity Unauthorized

12.0
RAC Credits
Virtual Programs
Wednesday, 17 March 2021 (9:00 AM) - Thursday, 18 March 2021 (5:00 PM) Eastern Time (US & Canada)
This workshop is currently sold out but will be repeated on 5 & 6 October 2021. Details of the upcoming Cybersecurity Unauthorized workshop can be found here

Cybersecurity has proven to be a challenge not only with regard to ensuring the security of medical devices, but also preparing documents for regulatory submissions. Health authorities in many regions, including the US, Australia, Canada, and Japan, have released new cybersecurity guidance documents. In addition to premarket concerns, some of these guidance documents also include expectations for postmarket expectations.

Medical device companies struggle to build security programs into quality systems that were likely not designed to address typical security issues such as hardening, vulnerability management, and global incident response.

This workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations. Technical staff will benefit from better understanding of how to translate regulatory expectations into concrete design and development activities. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.

Pricing Amounts & Deadlines

22 December 2020 – 17 February 2021: Early Bird $800 Member | $900 Nonmember
18 February 2021 – 16 March 2021: Regular $900 Member | $1000 Nonmember

Objectives

After this program, participants will be able to:
• Better understand international regulatory expectations for medical device cybersecurity
• Learn the main components of a product security program aligned with global expectations
• Understand how to use pre-submissions to reduce the likelihood of cybersecurity-related deficiencies
• Build more successful regulatory submissions

Who Should Attend?

This workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations. Technical staff will benefit from better understanding of how to translate regulatory expectations into concrete design and development activities. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.

Agenda

I. The challenge of security: What makes this issue unique?
II. Introduction to global regulatory expectations
a. US, Canada, EU, Australia, China, Japan, France, Germany, IMDRF, etc.
b. Breakout: plan your submission from a given country
III. Security vs privacy: understanding the relationship and uniqueness
IV. Pre-submission strategies for successful cyber submission
V. Submission strategies: What to include and what to leave out
VI. Lessons learned: What regulators would like you to know about your submission
VII. Cybersecurity standards: not your typical approach
VIII. Product security programs: the 7 pillars
a. Governance
b. Design and testing
c. Risk management
d. Labeling and communication
e. Vulnerability management
f. Incident response
i. Breakout: tabletop exercise: “You’ve been hacked! Now what?”
g. Supply chain
IX. Musical chairs: Who’s typically responsible for different aspects of a security program?

Speaker(s)


Michelle Jump, Global Regulatory Advisor, Medical Device Cybersecurity, MedSec 
Michelle Jump is the Global Regulatory Advisor, Medical Device Cybersecurity at MedSec, where she is responsible for providing strategic leadership, training and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management.  


Suzanne B. Schwartz, MD, MBA, Director, Office of Strategic Partnerships and Technology Innovation, Center for Devices and Radiological Health (CDRH), FDA 
Suzanne B. Schwartz, MD, MBA is the Director of the Office of Strategic Partnerships and Technology Innovation (OST) at FDA’s Center for Devices & Radiological Health (CDRH).   Suzanne’s work in medical device cybersecurity includes raising awareness, educating, outreach, partnering and coalition-building within the Healthcare and Public Health Sector (HPH) as well as fostering collaborations across other government agencies and the private sector. Suzanne has been recognized for Excellence in Innovation at FDA’s Women’s History Month for her work in Medical Device Cybersecurity.


Kevin Fu, Director of Medical Device Cybersecurity at the US Food and Drug Administration’ s (FDA) Center for Devices and Radiological Health, and Program Director for Cybersecurity in FDA’s Digital Health Center of Excellence
Kevin Fu is acting director of medical device cybersecurity at the US Food and Drug Administration’ s (FDA) Center for Devices and Radiological Health, and program director for cybersecurity in FDA’s Digital Health Center of Excellence. He is associate professor of EECS at the University of Michigan, where he founded the Archimedes Center for Healthcare and Device Security and directs the Security and Privacy Research Group. He is most known for the original 2008 cybersecurity research paper showing vulnerabilities in an implantable cardiac defibrillator. The prescient research led to more than a decade of revolutionary improvements among medical device manufacturers, global regulators, and international healthcare safety standards bodies, just as ransomware and other malicious software began to disrupt clinical workflow at hospitals worldwide.


Matthew Hazelett, Cybersecurity Policy Analyst, Food and Drug Administration Center for Devices and Radiological Health Office of Product Evaluation and Quality Clinical and Scientific Policy Staff
Matthew Hazelett started at the US Food and Drug Administration (FDA) as a biomedical engineer within the Implantable Electrophysiology Devices Branch at the Center for Devices and Radiological Health (CDRH). His review areas include pacemakers, defibrillators, leads, and supporting devices, such as programmers and home monitors. Since starting at FDA, Hazelett developed a review focus in cybersecurity, participates in cybersecurity guidance development, and supports cybersecurity vulnerability assessments and reviews across CDRH. He became the cybersecurity policy analyst in FDA’s Office of Product Evaluation and Quality a year ago, focusing on cybersecurity policy development and implementation. Hazelett also has worked for a medical device research and development company as a test engineer and test manager overseeing device verification and validation testing.



Cancellation Policy

RAPS reserves the right to cancel this program at its sole discretion. RAPS will not be responsible for travel or other costs incurred due to cancellation.

All cancellation requests must be submitted in writing via our online cancellation form. RAPS is unable to accept cancellations by phone. Please specify the name of the person registered and event title.

Substitutions may be accepted with written approval from RAPS and must be submitted to raps@raps.org.

If you have questions or concerns, please contact RAPS customer service at +1 301 770 2920, ext. 200, or via email at raps@raps.org

Search for Related Content


Global