Controlling For Cybersecurity Risks of Medical Device Software

While computer-related failures are known to play a significant role in deaths and injuries involving medical devices reported to the U.S. Food and Drug Administration (FDA),¹ there is no similar reporting system that meaningfully captures security-related failures in medical devices.

Medical device software must satisfy system properties including safety, security, reliability, resilience, and robustness among others. This column focuses on the challenges to satisfying a security property for medical devices: post-market surveillance, integrity and availability, and regulation and standards.