Foreword
1. Why Secure Medical Devices?
1.1. Why a 2nd Edition?
2. Establishing Cybersecurity Focus Within the MDM
2.1. Security Governance
2.2. Building a Security-Capable Organization
2.3. Security and Lifecycle Management – High-level Overview
2.4. Communicating Cybersecurity Needs, Costs, and Risks to Senior Leadership
2.5. Organizational Roles and Responsibilities
2.6. Regular Review of Security Maturity
3. Global Regulations and Standards
3.1. Regulatory Expectations in Major Markets
3.2. Consensus Standards
3.3. Harmonization and Alignment
4. Use Environments
4.1. Hospitals
4.2. Clinics, Doctors’ Offices, and Labs
4.3. Home Health Care
4.4. Military
4.5. Unregulated Environments
5. Supply Chain Management
5.1. Upstream Supply Chain Management
5.2 Security Criteria for Approved Supplier Lists
5.3 SBOM
5.4 Build Integrity and Attestation
5.5 Downstream Supply Chain Management
5.6 The Impact of Endemic Vulnerabilities
6. Secure Development and Production for Medical Device Manufacturers
6.1. Introduction
6.2. Secure Lifecycle Diagram Overview
6.3. Threats vs. Vulnerabilities
6.4. Securing Development Environments and Activities
6.5. Concept Phase
6.6. Planning Phase
6.7. Requirements Phase
6.8. Design Phase
6.9. Implementation Phase
6.10. Verification & Validation
6.11. Release Phase / Transfer to Production
6.12. Production
7. Documentation and Artifacts
7.1. Overview of Secure Development Deliverables
7.2 System Security Plan
7.3 Design Vulnerability Assessments
7.4 System Security Architecture
7.5. Interface Control Documents
7.6 Testing Reports
7.7 Software Bill of Materials (SBOM)
7.8 System Security Report
7.9 Labeling
7.10 Marketing and Sales Supporting Materials
8. Postmarket Vulnerability Management
8.1. Understanding FDA Expectations
8.2. Postmarket Surveillance
8.3. Updating Devices in the Field
8.4. Product Recalls
8.5. Managing End of Support (EOS) and End of Life (EOL)
9. Incident Response & Communications
9.1. Cybersecurity in Postmarket - Continuing Product Support
9.2. Incident Response
9.3. Communications
9.4. Communicating Cybersecurity Risks to Patients
10. Device Security Lifecycle for Healthcare Delivery Organizations
10.1 Pre-Procurement
10.2 Procurement
10.3 Deployment
10.4 Operations
10.5 Decommissioning
10.6 Special Scenarios
11. Aspects of IT Security in Medical Device Systems
11.1 Endpoint Security
11.2 Securing Communication Mediums
11.3 Hardware and Physical Interface Security
11.4. Hardening Common Operating Systems and Other Commercial Software
11.5. Utilizing Smart Phones and Other Off-the-Shelf or “Bring-Your-Own” Devices in Medical Device Systems
11.6. Smartphone Security
11.7. Software as a Medical Device (SaaMD)
11.8. Multifunction Products
11.9. Network Security
11.10 Chapter Conclusion: How are MDMs Making Use of These Technologies?
12. Applying Cryptography to Medical Device Systems
12.1 Overview of Cryptographic Concepts
12.2 Practical Implications and Applications of Cryptography Concepts
13. Cybersecurity Failures
14. Common Myths & Excuses
15. Appendices
15.1. Afterword to the 2nd Edition
15.2. Resources
15.3. Glossary
15.4. Index 15.5. Authors and Contributors