Cybersecurity Unauthorized

12.0
RAC Credits
Virtual Programs
Tuesday, 05 October 2021 (9:00 AM) - Wednesday, 06 October 2021 (5:00 PM) Eastern Time (US & Canada)

Cybersecurity has proven to be a challenge not only with regard to ensuring the security of medical devices, but also preparing documents for regulatory submissions. Health authorities in many regions, including the US, Australia, Canada, and Japan, have released new cybersecurity guidance documents. In addition to premarket concerns, some of these guidance documents also include expectations for postmarket expectations. 

Medical device companies struggle to build security programs into quality systems that were likely not designed to address typical security issues such as hardening, vulnerability management, and global incident response. 

This workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations. Technical staff will benefit from better understanding of how to translate regulatory expectations into concrete design and development activities. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.


Pricing Amounts & Deadlines

22 December 2020 – 6 September 2021: Early Bird $800 Member | $900 Nonmember 

7 September 2021 – 4 October 2021: Regular $900 Member | $1000 Nonmember 


Learning Objectives;

After this program, participants will be able to: 

  • Better understand international regulatory expectations for medical device cybersecurity 
  • Learn the main components of a product security program aligned with global expectations 
  • Understand how to use pre-submissions to reduce the likelihood of cybersecurity-related deficiencies 
  • Build more successful regulatory submissions

Who Should Attend? 

This workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations. Technical staff will benefit from better understanding of how to translate regulatory expectations into concrete design and development activities. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.


Agenda

  • The challenge of security: What makes this issue unique? 
  • Introduction to global regulatory expectations 
    • US, Canada, EU, Australia, China, Japan, France, Germany, IMDRF, etc. 
    • Breakout: plan your submission from a given country 
      • Security vs privacy: understanding the relationship and uniqueness 
        • Pre-submission strategies for successful cyber submission 
        • Submission strategies: What to include and what to leave out
        • Lessons learned: What regulators would like you to know about your submission
      • Cybersecurity standards: not your typical approach 
      • Product security programs: the 7 pillars 
        • Governance 
        • Design and testing 
        • Risk management 
        • Labeling and communication 
        • Vulnerability management 
        • Incident response 
        • Breakout: tabletop exercise: “You’ve been hacked! Now what?” 
        • Supply chain 
        • Musical chairs: Who’s typically responsible for different aspects of a security program? 

      Speaker(s)

      Michelle Jump

      Michelle Jump is the Global Regulatory Advisor, Medical Device Cybersecurity at MedSec, where she is responsible for providing strategic leadership, training and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management.



      Suzanne B. Schwartz

      Suzanne B. Schwartz MD, MBA is the Director of the Office of Strategic Partnerships and Technology Innovation (OST) at FDA’s Center for Devices & Radiological Health (CDRH). Suzanne’s work in medical device cybersecurity includes raising awareness, educating, outreach, partnering and coalition-building within the Healthcare and Public Health Sector (HPH) as well as fostering collaborations across other government agencies and the private sector. Suzanne has been recognized for Excellence in Innovation at FDA’s Women’s History Month for her work in Medical Device Cybersecurity..


      Kevin Fu

      Kevin Fu is acting director of medical device cybersecurity at the US Food and Drug Administration’ s (FDA) Center for Devices and Radiological Health, and program director for cybersecurity in FDA’s Digital Health Center of Excellence. He is associate professor of EECS at the University of Michigan, where he founded the Archimedes Center for Healthcare and Device Security and directs the Security and Privacy Research Group.

      He is most known for the original 2008 cybersecurity research paper showing vulnerabilities in an implantable cardiac defibrillator. The prescient research led to more than a decade of revolutionary improvements among medical device manufacturers, global regulators, and international healthcare safety standards bodies, just as ransomware and other malicious software began to disrupt clinical workflow at hospitals worldwide.


      Matthew Hazelett

      Matthew Hazelett started at the US Food and Drug Administration (FDA) as a biomedical engineer within the Implantable Electrophysiology Devices Branch at the Center for Devices and Radiological Health (CDRH). His review areas include pacemakers, defibrillators, leads, and supporting devices, such as programmers and home monitors. Since starting at FDA, Hazelett developed a review focus in cybersecurity, participates in cybersecurity guidance development, and supports cybersecurity vulnerability assessments and reviews across CDRH. He became the cybersecurity policy analyst in FDA’s Office of Product Evaluation and Quality a year ago, focusing on cybersecurity policy development and implementation. Hazelett also has worked for a medical device research and development company as a test engineer and test manager overseeing device verification and validation testing.


      Cancellation Policy

      RAPS reserves the right to cancel this program at its sole discretion. RAPS will not be responsible for travel or other costs incurred due to cancellation. 

      All cancellation requests must be submitted in writing to support@raps.org. Cancellations will receive a full refund minus a 20% administrative fee. RAPS is unable to accept cancellations by phone. 

      Paid registration substitutions may be accepted with written approval from RAPS for requests received before the start of the event. To transfer a registration, email support@raps.org with the event title, name of the original registrant and the contact information for the new attendee. 


      Proof of Attendance

      RAPS will send an electronic letter or a certificate of attendance at the following the workshop.


      Questions

      Contact the RAPS Support Center:
      Call +1 301 770 2920, ext. 200 (8:30 am–5:30 pm EST, Monday–Friday) or email support@raps.org  

      Search for Related Content