Medical devices, like other computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device. This vulnerability increases as medical devices are increasingly “connected” to the Internet, hospital networks, and to other medical devices.
In a recent study, it was found that a variety of medical devices and healthcare-related IT systems currently in use in hospitals had serious security vulnerabilities that could be relatively easily exploited. These included drug infusion pumps (devices used for a variety of purposes including delivering anaesthetics, chemotherapy and life supporting drugs) that could be remotely manipulated to change the dose delivered to patients; wireless implanted cardioverter-defibrillators that could be maliciously programmed to deliver unnecessary and potentially fatal shocks to a patient’s heart or to prevent a shock from occurring when it was needed; temperature settings on blood storage refrigerators that could be reset; and electronic health records that could be altered to potentially cause doctors to misdiagnose conditions and prescribe the wrong treatments.
In the European Union, the Medical Devices Directives require manufacturers to reduce all risks as far as possible, including those related to cybersecurity. In the US, the FDA states: "Manufacturers are responsible for remaining vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity, and are responsible for putting appropriate mitigations in place to address patient safety and assure proper device performance".
If medical device manufacturers and healthcare institution IT professionals take the necessary steps to develop and deploy secure software systems, many of these threats can be reduced significantly or eliminated.
What you will learn
This advanced training event will highlight the sources and scope of the threats and identify the common vulnerabilities. It will present practical, best practice guidelines that work within the framework of medical device software development standards including:
Risk Management: What the threats are, how they might arise and what tools and technologies they might use.
Development planning: How to incorporate effective strategies throughout development to deal with cybersecurity threats, including the correct resources required, expertise and verification planning.
Requirements Management: How and what to specify in Software Requirements Specifications.
Architectural Design: How to create inherently secure software architectures.
Detailed Design and Coding: How to design for security and eliminate coding errors that lead to vulnerabilities.
Verification and Validation: How to test for security.
Post Market Surveillance: What to include in PMS activities.
Regulatory Submissions: What to include in regulatory submissions in the EU and US on the subject of cybersecurity.
Who should attend
Medical Device Manufacturers: R&D Managers, Software Managers, Architects and Engineers;
Healthcare Providers: IT Systems Managers, Purchasing Specialists
Our location in the heart of the city means that IET Birmingham: Austin Court is fully accessible by all major transport links across the Midlands and is conveniently located seconds from the National Indoor Arena.
50% Discount for SMEs in the Medical Device and Life Sciences Sectors located in England
Please contact the organiser for details of how you can claim back 50% of the cost of attending this event.
Peter Brady is a healthcare and medical devices software and systems specialist with deep understanding of software development and international regulation and standards. Key skills in software development, safety risk management and human factors and usability engineering with experience ranging from low cost embedded solutions to complex systems running on multi-core parallel processors. He has wide experience in healthcare sectors including oncology, proton therapy, imaging, implantable devices, renal therapy, diabetes management, vascular therapy, minimally invasive surgical devices, pressure area care, point-of-care diagnostics and drug delivery. He has worked as an engineer, manager and director and is also an approved EU Notified Body assessor for software submissions.
We will also be joined by former police superintendent and specialist in computer forensics Bob Bird, now Senior Lecturer in Digital Forensics & Ethical Hacking at the University of Coventry.