Medical Device Software Development: Liability Risk Mitigation 2016
With the advent of the Internet-of-Things, networking of medical devices has become routine in medical institutions. As the demand increases for greater sophistication, reduced costs, and greater ease of use, the medical device industry faces increasingly stringent regulation and litigation in the face of dramatically increasing cyber security risks.
In 2014, the US Food and Drug Agency (FDA) issued non-binding guidance for manufacturers' pre-market management of cyber security of medical devices. The agency suggested conformity to certain industry standards, ensuring authentication of users, controlling access, and detecting, mitigating, and recovering from cyber security attacks. In 2015, the FDA reported that software design failures were the most common cause of device recalls and proposed new guidelines for manufacturers. The agency issued non-binding guidance for post-market management of cyber security of medical devices. In this non-binding guideline, the agency suggested the need for control and mitigation of cyber security risk through software patches, hardware updates, threat modeling and vulnerability assessment, risk management, and attack remediation.
Developing safe and effective medical devices requires a rigorous validation process. However, such validation is time-consuming and costly. Many developers use third-party code, such as commercial off-the-shelf software, or re-use code for efficiency and cost reduction. Yet, much of this code is dated and fails to pass security and vulnerability testing. As such, medical device software development has not kept pace with the demands for greater security, upgrading, patching, and interoperability in hospital and other settings.
To cope with these challenges, medical device software development teams must shorten development time, upgrade software, enable patching, enhance security, and provide safer and more effective products that comply with current ISO, IEC, FDA, and other standards. Manufacturers need to incorporate cyber security features into devices during the design and development phase. They also need to enable retrograde patching of older devices. Binary static analysis will enable robust analysis of third-party software, ensuring that it conforms to the device quality and security standards. Lifecycle management systems should be used to help detect, identify, and manage cyber security vulnerabilities. Finally, manufacturers also need to provide clear pre-market cyber security documentation and support for customers.
In this two-hour LIVE Webcast, a panel of thought leaders and practitioners organized by The Knowledge Group will provide an overview of the latest issues in Medical Device Pre-market and Post-market Security Risk Mitigation. Speakers will also help medical device manufacturers and health software developers better understand how to minimize pre- and post-market liability through proper risk analysis and mitigation, and compliance with relevant standards and regulations.
Key issues that will be covered in this course are:
- Medical Device Hardware and Software Development
- Cyber Security and Safety Risks
- Risk Analysis and Mitigation
- Risk Management Systems
- Relevant Industry Standards
- IEC 61508
- IEC 62304
- FDA Validation Guidance
- Pre- and Post-Market Analysis and Liability
- Trends and Challenges for Medical Technology Providers
- Reliability, Safety, Security, and Quality Control
- Changing Regulations & Compliance Risks
- Best Practices
Linda Ricci, Acting Director Digital Health Initiative, Office of Device Evaluation
- Background for Cybersecurity in Public Health
- Overview of Key activities from FDA
- Discussion of the key elements in the Cybersecurity Premarket Guidance
- Discussion of the concepts in the Postmarket Management of Cybersecurity in Medical Devices Guidance
Marc Brown, CMO and VP of Strategic Business Development
- Developing high integrity medical device software takes a new approach with a security-first philosophy - relying on tool automation that can ensure safety, reliability and security are built in from the beginning
- Medical devices are becoming very complex, adding exponentially higher levels of software threats. Today’s medical devices require comprehensive analysis - supporting coding best practices, adherence to medical standards, thorough concurrency analysis (with the continued adoption of multicore processors), and deep taint analysis (verifying potentially hazardous information flow into your device)
- Regulatory requirements can be a competitive advantage for medical device companies - those that embrace new analysis technologies can overcome the software development affordability wall and be first to market
- Managing your software supply chain is a must today! Most medical devices are developed from in-house, open-source, and 3rd-party code - teams need to analyze and validate all of it. Binary static analysis provides this added validation and assurance that your vendors are doing their jobs and not creating security vulnerabilities in your device.
- Medical device manufacturers need to partner with trusted suppliers. GrammaTech has ...
Christiana P. Jacxsens, Shareholder
Greenberg Traurig, LLP
- Medical device software raises unique product liability litigation risks – identifying the litigation risks related to medical device cybersecurity
- Trends in litigation related to medical device software technology and cybersecurity
- Best practices to mitigate litigation risk and exposure
Who Should Attend:
- In-house Attorneys
- Medical Device Attorneys
- Compliance Executives from Medical Device Companies
- IT Professionals
- Risk and Compliance Officers
- Chief Technology Officer
- Medical Device Manufacturers
- Health Software Developers
- Health Care Providers
- Other related/interested professionals
Marc brings over 25 years of technology leadership experience to his role as Chief Marketing Officer.
Before joining GrammaTech in June of 2015, Marc was the Group VP of Product and Solutions Marketing at Polycom, where he helped define and market Polycom’s Workplace of the Future voice and video collaboration technologies.
Prior to Polycom, Marc spent several years in the embedded software markets with Intel, Wind River Systems, and IBM, leading several marketing teams. Earlier in his career, Marc was a software engineer with Corning Research and GE Aerospace.
Christiana Jacxsens is a Shareholder in Greenberg Traurig, LLP’s Pharmaceutical, Medical Device & Health Care Litigation Practice Group. She concentrates her practice on complex medical and products liability litigation, with a focus on pharmaceutical and medical device litigation. Christiana has experience managing litigation, including mass tort litigation, involving a variety of products and medical issues, such as pharmaceuticals, orthopedic and spinal medical devices, ICDs, sutures, surgical mesh devices, and investigational products. She has served as second-chair trial counsel in complex medical negligence cases and has assisted in the trials of medical device products liability and clinical trial cases. In addition, she advises hospitals, physician groups, and pharmaceutical and medical device companies on regulatory and compliance matters, including informed consent issues, adverse event reporting and HIPAA compliance.
Christiana has been recognized by a variety of publications, including Law360, “Product Liability Rising Star,” (2016); The Best Lawyers in America, Mass Tort Litigation / Class Actions - Defendants, (2013-2016); Georgia Super Lawyers, "Rising Star," (2010-2016); and Fulton County Daily Report, "10 Atlanta Attorneys on the Rise," (2010). She is a frequent author and speaker on issues related to products liability and medical malpractice litigation.
Christiana obtained her J.D. from The George Washington University Law School in 2002. She brings to her practice of law a master's in public health from George Washington University and scientific research experience.
Linda Ricci began her career developing artificial intelligence solutions in the defense industry. In this role she designed and developed software implementations of neural network applications. Ms. Ricci then moved to the medical device industry as a software engineer. She helped to develop several diagnostic cardiology devices and has participated in all phases of product life cycle development. Ms. Ricci moved to the FDA in 2005 first as a scientific reviewer and then as the Chief for the Cardiac Diagnostic Devices Branch in the Division of Cardiovascular Devices. In this role, she was responsible for the review of devices including automated external defibrillators, electrocardiographs, multi-parameter monitors and non-invasive blood pressure monitors. Currently Ms. Ricci leads the development and implementation of digital health policy within the Office of Device Evaluation. She has degrees in Electrical Engineering and Medical Engineering.
Print and review course materials
Method of Presentation:
NASBA Field of Study: Specialized Knowledge & Applications
NY Category of CLE Credit: Areas of Professional Practice
About GrammaTech, Inc.
GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions. We help organizations develop and release high quality software – free of harmful defects and exploitable weaknesses that cause system failures, enable data breaches, and increase corporate liabilities in today’s connected world. With our security-first software design philosophy, you can rely on GrammaTech to help you design, develop, and deploy high-integrity device and application software, using advanced static analysis tools, and software hardening solutions.
Unlike other traditional tools vendors, GrammaTech's mission balances a commercial business with a very strong research arm. Our staff, including over 20 PhDs, is focused on the most challenging software issues impacting the embedded, machine-to-machine (M2M), and Internet of Things (IoT) device markets, through an ongoing set of highly innovative research programs developing new techniques and technologies in software analysis, binary patching and transformation, software monitoring, and autonomic computing.
About Greenberg Traurig, LLP
Greenberg Traurig, LLP is an international, multi-practice law firm with approximately 1,900 attorneys serving clients from 38 offices in the United States, Latin America, Europe, Asia, and the Middle East. The firm’s Pharmaceutical, Medical Device & Health Care Litigation Practice is nationally recognized for its dynamic courtroom presence, responsiveness to clients and deep subject matter knowledge. Recent recognitions include national rankings for 2016 “Mightiest Product Liability Practice,” from Law360; 2015 “Products Liability & Mass Torts” from Chambers USA Guide; national rankings for 2015 “Practice Liability & Mass Torts Defense: Pharmaceuticals and Medical Devices” from The Legal 500 United States; and a first-tier national ranking for "Litigation – Mass Tort Litigation and Class Actions – Defendants" from U.S. News – Best Lawyers® 2015 Best Law Firms. View more information at: www.gtlaw.com.