2021 LS&HC Horizons - Flipbook - Page 33
Life Sciences and Health Care Horizons 2021
33
Privacy and Cybersecurity
Securing medical devices from increasing cyber threats
Medical device manufacturers have a critical
role in health care organizations’ sensitive
infrastructures, as manufacturers increasingly
handle larger amounts of health data, through
connected devices and partnerships with other
health sector stakeholders. Meanwhile, cyber
threats have expanded from seeking health data
to taking control or disrupting the function of
the devices themselves, or using the devices as
a springboard for further cyberattack activity;
with these threats comes the potential for
liability to be visited on the manufacturer.
Device cybersecurity is a high priority issue for
regulators worldwide, and various government
authorities are taking action so that entities
involved in securing medical devices have
detailed information to help prevent and
manage cyber risks. These initiatives involve,
among others, the U.S. FDA, the International
Medical Device Regulators Forum (IMDRF)
working group, and the European Commission
Medical Device Coordination Group (MDCG).
Regulators worldwide have recognized that
device cybersecurity is a shared responsibility
among manufacturers, health care providers,
service providers, suppliers, patients, and
regulators — with stakeholders each having a
role in secure device deployment, operation,
and management.
In all of these initiatives, stakeholders are
encouraged to work holistically and coordinate
to fortify cybersecurity practices. It is expected
that cybersecurity be a component of the risk
management evaluation across the entire
product lifecycle that includes cybersecurity
by design as a method to support developing
appropriate instructions and warnings through
which developers are aware of potential
vulnerabilities, allocation of responsibilities,
and strategies for risk mitigation. A risk
assessment that focuses on product safety,
effectiveness, and performance can help
manufacturers understand the risk through the
design, manufacturing and commercialization
phases, which in turn provides greater
opportunity to mitigate product liability risks.
Our team is uniquely positioned to assist clients
through the entirety of the product lifecycle
as they identify and manage cyber risks to
their patients, health care providers, and their
business. When confronted with crises, clients
must understand the issues, the risks presented
and how best to mitigate them without
disrupting the entire ecosystem, and they
must have effective advocacy before relevant
regulators and other stakeholders.
Paul Otto
Partner, Washington, D.C.
paul.otto@hoganlovells.com
Matthias Schweiger
Partner, Munich
matthias.schweiger@hoganlovells.com
Jodi Scott
Partner, Denver
jodi.scott@hoganlovells.com
