Session ID: 
11

Managing Medical Device Cybersecurity Vulnerabilities

1:30pm - 2:30pm Tuesday, March 6
Las Vegas - Venetian Convention Center
Marcello 4401

Description

Medical device cybersecurity continues to evolve. Multiple initiatives are working to improve device cybersecurity, to include development of a Common Vulnerability Scoring System (CVSS) rubric to assess device vulnerability impact and severity; the use of Information Sharing and Analysis Organizations (ISAOs) to help broker medical device vulnerability management; maturing coordinated disclosure processes; device cybersecurity criteria development and testing; and table top exercises to validate vulnerability handling procedures. This session will characterize these initiatives, as well as the relevant FDA and community roles, in helping to realize safer, more secure device clinical operation and use.

Learning Objectives: 

  • Describe the Common Vulnerability Scoring System (CVSS) and how it is being adapted to assess medical device vulnerability impacts
  • Explain what an Information Sharing and Analysis Organization (ISAO) is and what role they have in helping to facilitate medical device cybersecurity
  • Discuss the lessons learned from medical device cybersecurity table top exercises and how these insights are being used to improve overall medical device cybersecurity
  • Describe the FDA’s Postmarket Management of Cybersecurity in Medical Devices, to include the main policy tenets FDA has put forward that address security throughout the total product lifecycle

Speaker(s): 

Cybersecurity Program Manager,
U.S. Food and Drug Administration
Senior Principal Scientist,
The MITRE Corporation
Continuing Education Credits: 
ABPM
1.00
AHIMA
1.00
CAHIMS
1.00
CME
1.00
CNE
1.00
CPHIMS
1.00
IAPP
1.00

Audience: 

Clinical Engineering Professional
IT Professional
Security Professional

Level: 

Intermediate