LONDON – The European Commission has published new guidelines on cybersecurity for medical devices, putting flesh on the bones of the requirements in the Medical Devices Regulation (MDR) that comes into force in May.
TORONTO – One year ago, medical device companies were threatening to leave Canada over a new mandatory audit program they felt was too onerous and expensive. Ottawa vowed to crack down on faulty implants which it said had helped kill more than 14,000 Canadians the previous decade.
Device makers have been scrambling for space in value-based care arrangements even though the pace of adoption of those arrangements has been somewhat tepid. While device makers are not explicitly included in a proposed overhaul of the Stark and Anti-Kickback Statute (AKS) regulations, providers may soon be more engaged in these arrangements, thus providing device makers with more opportunities even if they are not included in the rewrite of the related regulatory provisions.
The device industry is quite familiar with whistleblower lawsuits, but Cisco Systems Inc., of San Jose, Calif., was recently forced to pay more than $8 million in connection with a qui tam lawsuit over cybersecurity lapses for video surveillance equipment sold to state and federal government agencies. The case suggests device makers will have to be up to speed on cybersecurity if they wish to avoid suffering a similar fate, particularly given a recent warning the FDA posted regarding a widespread cybersecurity vulnerability.
LONDON – France's Agence Nationale de Sécurité du Médicament et des Produits de Santé (ANSM) has published draft guidelines on the cybersecurity of medical devices, becoming the first national regulator in Europe to specify what manufacturers should do to protect devices against malicious attacks.