Revenera logo
Image: A Medical Device Health Check from the FDA

It’s a connected world. The IoT is one of the most defining technologies of the Fourth Industrial Revolution. Business leaders across industries are paying attention, including the healthcare industry where the name of the game is finding innovative, cost-effective ways to deliver patient-centered, technology-enabled healthcare.

Who can get there first is certainly worth watching, but the players in this race have to proceed efficiently and expediently, but with caution, especially when medical devices play a role in patient treatment.

Safety is the #1 Concern

Ensuring the safety of medical devices is a priority for The Food and Drug Administration (FDA) which regulates over 190,000 different devices manufactured by more than 18,000 firms in more than 21,000 medical device facilities worldwide. Although the benefits of medical devices are tremendous, there is also risk, especially when open source and third-party software is used in development.

The FDA recognizes that ensuring the continuing safety of medical devices is complex, but also extremely important, as they must track the use and functionality of devices over their lifetime. Having said that, the Administration is looking at evolving their Medical Device Safety Action Plan: Protecting Patients, Promoting Public Health. The plan is considering requiring medical device firms to implement advanced medical device cybersecurity steps, including:

  • Consider potential new premarket authorities to require firms, on the front end, to build capability to update and patch device security into a product’s design and to provide appropriate data regarding this capability to FDA as part of the device’s premarket submission
  • Develop a “Software Bill of Materials” that must be provided to FDA as part of a premarket submission and made available to medical device customers and users, so that they can better manage their networked assets and be aware of which devices in their inventory or use may be subject to vulnerabilities.

One of the goals of requiring the availability of a “Software Bill of Materials” is to streamline the possibility of timely post-market mitigations.

The Answer to Code Health Management

Medical device firms would be smart to get ahead of the game now by using an effective Software Composition Analysis tool like FlexNet Code Insight which helps protect your code, your customers and your reputation. It enables you to know what’s in your code, close the door on potential vulnerabilities, and track all open source and third-party components.