Copyright: 2024
Pages: 410
ISBN: 9781630819927

Our Price: $112.00
Qty:

Description

Medical Device Cybersecurity for Engineers and Manufacturers, Second Edition removes the mystery from cybersecurity engineering and regulatory processes and practices, showing medical device manufacturers how to produce and maintain devices that meet evolving regulatory expectations and reduce cybersecurity risks to business and patients. It represents a complete guide for medical device manufacturers seeking to implement lifecycle processes that secure their premarket and postmarket activities.

 

This step-by-step guide educates manufacturers about the implementation of security best practices in accordance with industry standards and expectations, advising the reader about everything from high-level concepts to real-world solutions and tools. It focuses on the security aspects of every lifecycle phase of the product, including concept, design, implementation, supply chain, manufacturing, postmarket maintenance, and end of life. It details the practices, processes, and outputs necessary to create a secure medical device capable of gaining regulatory approval and meeting market entry requirements.

 

Reflecting rapid industry developments, regulatory changes, and technology advances, this new edition equips manufacturers with the knowledge to produce secure products that meet regulatory and market requirements while anticipating threats from sophisticated cyber adversaries. It's an indispensable resource for a wide range of professionals involved in medical device manufacturing, including engineering management, software/firmware engineers, business managers, regulatory professionals, contract manufacturers, FDA regulators, product/project managers, sales and marketing teams, and healthcare delivery organizations.

Table Of Contents

Foreword

 

1. Why Secure Medical Devices?
1.1. Why a 2nd Edition?

 

2. Establishing Cybersecurity Focus Within the MDM
2.1. Security Governance
2.2. Building a Security-Capable Organization
2.3. Security and Lifecycle Management – High-level Overview
2.4. Communicating Cybersecurity Needs, Costs, and Risks to Senior Leadership
2.5. Organizational Roles and Responsibilities
2.6. Regular Review of Security Maturity

 

3. Global Regulations and Standards
3.1. Regulatory Expectations in Major Markets
3.2. Consensus Standards
3.3. Harmonization and Alignment

 

4. Use Environments
4.1. Hospitals
4.2. Clinics, Doctors’ Offices, and Labs
4.3. Home Health Care
4.4. Military
4.5. Unregulated Environments

 

5. Supply Chain Management
5.1. Upstream Supply Chain Management
5.2 Security Criteria for Approved Supplier Lists
5.3 SBOM
5.4 Build Integrity and Attestation
5.5 Downstream Supply Chain Management
5.6 The Impact of Endemic Vulnerabilities

 

6. Secure Development and Production for Medical Device Manufacturers
6.1. Introduction
6.2. Secure Lifecycle Diagram Overview
6.3. Threats vs. Vulnerabilities
6.4. Securing Development Environments and Activities
6.5. Concept Phase
6.6. Planning Phase
6.7. Requirements Phase
6.8. Design Phase
6.9. Implementation Phase
6.10. Verification & Validation
6.11. Release Phase / Transfer to Production
6.12. Production

 

7. Documentation and Artifacts
7.1. Overview of Secure Development Deliverables
7.2 System Security Plan
7.3 Design Vulnerability Assessments
7.4 System Security Architecture
7.5. Interface Control Documents
7.6 Testing Reports
7.7 Software Bill of Materials (SBOM)
7.8 System Security Report
7.9 Labeling
7.10 Marketing and Sales Supporting Materials

 

8. Postmarket Vulnerability Management
8.1. Understanding FDA Expectations
8.2. Postmarket Surveillance
8.3. Updating Devices in the Field
8.4. Product Recalls
8.5. Managing End of Support (EOS) and End of Life (EOL)

 

9. Incident Response & Communications
9.1. Cybersecurity in Postmarket - Continuing Product Support
9.2. Incident Response
9.3. Communications
9.4. Communicating Cybersecurity Risks to Patients

 

10. Device Security Lifecycle for Healthcare Delivery Organizations
10.1 Pre-Procurement
10.2 Procurement
10.3 Deployment
10.4 Operations
10.5 Decommissioning
10.6 Special Scenarios

 

11. Aspects of IT Security in Medical Device Systems
11.1 Endpoint Security
11.2 Securing Communication Mediums
11.3 Hardware and Physical Interface Security
11.4. Hardening Common Operating Systems and Other Commercial Software
11.5. Utilizing Smart Phones and Other Off-the-Shelf or “Bring-Your-Own” Devices in Medical Device Systems
11.6. Smartphone Security
11.7. Software as a Medical Device (SaaMD)
11.8. Multifunction Products
11.9. Network Security
11.10 Chapter Conclusion: How are MDMs Making Use of These Technologies?

 

12. Applying Cryptography to Medical Device Systems
12.1 Overview of Cryptographic Concepts
12.2 Practical Implications and Applications of Cryptography Concepts

 

13. Cybersecurity Failures

 

14. Common Myths & Excuses

 

15. Appendices
15.1. Afterword to the 2nd Edition
15.2. Resources
15.3. Glossary
15.4.Index
15.5. Authors and Contributors

Author

  • Axel Wirth

    holds a Master of Science in Engineering Management from Tufts University and a Bachelor of Science in Electrical, Electronics, and Communications Engineering from Düsseldorf University of Applied Sciences. He is currently the Chief Security Strategist at MedCrypt, where he has led efforts to integrate modern cybersecurity into healthcare technology since September 2019. He also serves as an Adjunct Professor at the University of Connecticut, teaching "Medical Device Cybersecurity" to graduate students.

  • Christopher Gates

    holds a B.S. in Computer Science from California State University. He is the Director of Product Security at Velentium, where he has been since January 2021. He previously worked as a Principal System Security Architect at Velentium, implementing Secure Development Lifecycle processes. Prior to Velentium, Christopher worked as an Embedded Security Architect and Senior Software Engineer at Illuminati Engineering.

  • Jason Smith

    holds a bachelor's degree in English and Religious Studies from William & Mary and a master's degree in Apologetics and Cultural Studies from Houston Baptist University. He is currently serving as a Senior Marketing Strategist at Velentium and previously worked as a Technical Writer. As a self-employed author since 2001, Jason has published an extensive collection of works, including four Amazon bestsellers, three novels, two anthologies, two memoirs, an engineering textbook, and a business book. His expertise extends to consulting on book projects and various forms of written communication, encompassing fiction, poetry, academic, technical, business, marketing, applications, and proposals.