mdi Consultants now offers software penetration testing to demonstrate full conformance with cybersecurity requirements under ISO 27001 and FD&C Act section 524B “Ensuring Cybersecurity of Medical Devices” for businesses engaged in software usage for their medical devices and other related regulatory products produced under ISO and FDA standards.
Medical devices commonly use cloud-based software, Bluetooth connectivity, and wireless remote controls as methods of operating the equipment and transferring data. These connections expose the devices to the possibility of outside interference, or hacking, which can result in device malfunction or control of the device passing to an unauthorized outside user.
The FDA requires that all manufacturers of “cyber devices,” or devices subject to the threat of electronic attack, take steps to mitigate the risk of a cyberattack. Penetration testing under a controlled environment will provide the necessary validation studies to affirm to the regulatory and/or certifying agencies that vulnerabilities which may leave a system open to hacking have been found and mitigated. The studies will be conducted by a cybersecurity firm with an extensive background in penetration testing, code review, and configuration audit in fields such as finance, critical infrastructure, and government services.
The test firm will work closely with the clients’ IT team or vendors, utilizing the most up-to-date methodology for testing of Web applications, mobile applications, appliances/hardware, and network devices. Black box, grey box, and white box methodologies can be employed in the testing scenarios. Following the test, the cybersecurity firm will produce a report detailing observed vulnerabilities and recommendations for action on the client’s part to strengthen their software packages.
This collaboration by mdi with a leading penetration test firm is part of our commitment to expand the scope of our services and better prepare our clients to pass the regulatory hurdles required to bring their products to market. With our partner, we are proud to be able to offer this service to our clients in the medical device field and beyond.
Call us at 516-482-9001 for further information if you desire to have your software “hacked under controlled circumstances” to determine if your software can meet requirements under FDA and ISO standards.
Please note: “The FDA recognizes that all cyber devices are vulnerable to attack and therefore requires all manufacturers to take steps to lower the risk of such an attack prior to bring their device to market. A penetration test is a key component of lowering risk and should be conducted by professionals who were not involved with designing or building the system or device. Although the risk of a cyberattack can never be eliminated, a penetration test will identify key vulnerabilities that, when remedied, will lead to a more secure system or device.”
mdi Consultants