Global Medical Device Podcast powered by Greenlight Guru

Cybersecurity and the Future of MedTech


The "Consolidated Appropriations Act of 2023" (more commonly referred to as the Omnibus Act) was passed and signed into law on December 29th, 2022. This amendment to the Food, Drug, and Cosmetic Act has expanded the scope of the FDA beyond just "safety and efficacy" to include the cybersecurity of medical devices. This amendment resembles a watered-down version of the PATCH Act, which failed to pass in late 2022.

As a result, on March 29, 2023, the FDA gained the legal authority to define and enforce medical device cybersecurity. So for today’s episode, we got THE leading minds in MedTech cybersecurity together to discuss what we need to do next. Chris Gates, Director of Product Security at Velentium, Chris Reed, Vice President of Product Security at Medtronic, and Ken Hoyme, CEO of Dark Star Consulting, join the podcast today to discuss the new guidelines, what the FDA can and can’t say about it, and what kinds of deficiencies you’ll be seeing in the future because of the new legislation.

Some of the highlights of this episode include:
  • How the FDA tried to clear a path for routine patches and updates
  • The minimum that the omnibus bill is talking about
  • No longer needing to make the link between cybersecurity and safety and effectiveness
  • When they have the legal authority to enforce cybersecurity
  • Why the document took so long to go through
  • Security architecture analysis
  • Why you should be referencing the April 2022 draft
  • Unpatched vulnerabilities at the time of submission
  • The effort needed to understand the FDA’s intentions

Memorable quotes from this episode:

“Literally, if you’re not aware of this already, you’re already behind the 8-ball right now and there’s things you’ve got to do.”

“Basically, if you think it might be a cyber device, it is a cyber device.”

“Don’t sit there and try to be pedantic about this and say ‘I don’t need to do this because there’s a comma here.’ It ain’t gonna work for you.”

“A synonym for threat modeling really is security architecture analysis.”

Links:

Christopher Gates

Chris Reed

Ken Hoyme

Velentium

Medtronic

DarkStar Consulting

Medical Device Cybersecurity in 2023 and Beyond Slides

Etienne Nichols LinkedIn

Greenlight Guru

Global Medical Device Podcast powered by Greenlight Guru, by Greenlight Guru + Medical Device Entrepreneurs