Recent cybersecurity regulations issued by both the SEC and FDA highlight the opportunities for medtech organizations to help build trust among their stakeholders, safeguard their brands, and provide protection for their customers and, more importantly, their patients. By proactively mitigating cybersecurity risks, medtech organizations can demonstrate their commitments to safety and trust.
The Securities and Exchange Commission (SEC) released its final rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure on July 26, 2023 (sec.gov) and the new disclosure requirements take effect in mid-December.
The medtech industry has its own unique challenges that should be addressed so that organizations can meet the SEC cyber requirements:
M&A activity: The medtech industry has undergone significant consolidation in recent years, which can create the risk of an incoherent product ecosystem.
Medtech companies have a responsibility to remain patient-centric while complying with regulations related to their devices. With this call to action, medtech organizations should prioritize cyber efforts and reporting, including assessing readiness across the following areas:
1. Enterprise governance model: Organizations should assess whether their governance and associated procedures are currently up-to-date and effective. A regular cadence for review and revision should be established.
2. Establishing a stronger security posture through:
3. Continuous logging, monitoring and incident response:
4. Traceability: Traceability of both equipment used for internal use and external equipment (e.g., devices they have sold that are now present in the field).
5. Modernization:
6. Testing and training: The complexity of both cybersecurity threats and the industry’s products is constantly increasing.
7. Industry collaboration: Engage closely with health systems to help:
Cyber threats can lead to medtech business and supply chain disruption for end users and jeopardize patient trust, quality and safety. The sector should work to proactively navigate this changing landscape and help protect organizations and patients through effective cybersecurity practices.