Medical Device Cybersecurity Risk Management File


snoopy2017

#1
Hi everyone,

How does a company construct a matrix showing cybersecurity risks if they do not result in patient harm, just data loss, but no patient is physically harmed?

Thanks!
 

mihzago

Trusted Information Resource
#2
One way is to simply include the risk in the matrix, but under patient harm state that there is none. Or have a harm scale that has no patient injury as one of the levels (for example, if you have 5 levels of harm, the lowest one could be no harm).

Another way is to have a cybersecurity risk matrix that is separate from your safety risk matrix, where you would identify all security-related risks, regardless of patient risk. You could then transfer to the safety risk matrix those risks that result in harm.
 

pmg76

Starting to get Involved
#3
IMHO, if your analysis shows that you have no harm, then you probably were not able to obtain a "hazardous situation" and you can't link to a specific "hazard". Basically there is no risk.
However, it seems that you are narrowing your analysis a bit. How can you assure that the data loss will not harm the patient? If the data you are losing is clinical data, then there is a risk of not delivering the best treatment for the patient. Also, the definition of harm is not only related to the patient...
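
The separate security matrix from reply #2, combined with the clinical-data caveat from reply #3, sketched as an added example that is not part of the thread or any poster's own method. The scales, field names, risk IDs and sample entries are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed 5-level harm scale; level 0 is "no harm", as reply #2 suggests.
HARM = ["none", "negligible", "minor", "serious", "critical"]

@dataclass
class SecurityRisk:
    rid: str
    threat: str
    asset: str
    clinical_data: bool   # asset feeds diagnosis or treatment decisions
    likelihood: int       # 1 (rare) .. 5 (frequent), constructed scale
    security_impact: int  # 1 .. 5, impact on confidentiality/integrity/availability
    harm: int             # index into HARM

    @property
    def security_score(self) -> int:
        return self.likelihood * self.security_impact

def security_matrix(register):
    """All security risks, ranked by security score, whether or not harm results."""
    return sorted(register, key=lambda r: r.security_score, reverse=True)

def to_safety_matrix(register):
    """Only risks with harm above 'none' are copied to the safety risk matrix."""
    return [(r.rid, r.threat, HARM[r.harm], r.likelihood)
            for r in register if r.harm > 0]

def needs_harm_review(register):
    """'No harm' entries that touch clinical data need a documented rationale."""
    return [r.rid for r in register if r.harm == 0 and r.clinical_data]

# Constructed sample register (not from the thread).
REGISTER = [
    SecurityRisk("SEC-01", "Ransomware encrypts stored therapy logs",
                 "therapy log DB", True, 3, 4, 0),
    SecurityRisk("SEC-02", "Billing contact list exfiltrated",
                 "billing export", False, 2, 3, 0),
    SecurityRisk("SEC-03", "Unauthenticated write to dose setting",
                 "device config API", True, 2, 5, 4),
]

if __name__ == "__main__":
    for r in security_matrix(REGISTER):
        print(f"{r.rid} score={r.security_score:2d} harm={HARM[r.harm]:9s} {r.threat}")
    print("to safety matrix:", to_safety_matrix(REGISTER))
    print("review 'no harm' rationale:", needs_harm_review(REGISTER))
```

SEC-01 stays in the security matrix with harm recorded as "none", but is flagged because the lost data is clinical, which is the case reply #3 asks the analyst to justify.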
 