Medical Device Innovation Consortium Awarded $2.8 Million For Cybersecurity Programs
The Medical Device Innovation Consortium (MDIC) announced it has been awarded $2.8 million in funding by the U.S. Food and Drug Administration (FDA) for the expansion of the Case for Quality and medical device cybersecurity programs.
According to a press release, the award will develop and evaluate a variation of the Case for Quality Voluntary Improvement Program pilot (CfQ VIP), formerly known as the CDRH Voluntary Medical Device Manufacturing and Product Quality Program, for medical device manufacturing sites that identify as having quality system issues or have been determined to be out of compliance with the quality system regulations. This variation will assess whether using a quality maturity assessment process that evaluates the execution of a quality system instead of compliance, leads to faster improvements in quality and compliance.
The award also expands proposed work on threat modeling for cybersecurity of medical devices. A systematic approach to threat modeling can enable manufacturers to effectively address system level risks, including but not limited to risks related to the supply chain, design, production, and deployment. As an integral part of managing medical device cybersecurity risk, integration of threat modeling provides a blueprint to strengthen security through the total product lifecycle of medical devices, says the press release. MDIC will be launching a boot camp series on cybersecurity threat modeling for medical devices; and the development of threat modeling best practices for device stakeholders.
Additionally, MDIC’s work on cybersecurity threat modeling for medical devices will enable manufacturers to effectively address system level risks, including but not limited to risks related to the supply chain (e.g., to ensure the device remains free of malware), design, production and deployment (i.e., into a connected/ networked environment), and thereby strengthen security by identifying vulnerabilities and threats to a particular product, products in a product line, or from an organization’s supply chain that can cause patient harm.