Julie Omohundro How would it?

No, it won't. But there will be a huge breach at some point. An investigation. A bankruptcy. Calls for tighter legislation. Software vendors swooping in for opportunity. What say you, Christopher Burgess, Rebecca Herold, and Shelby Kobes?

Julie Omohundro What is the process by which cybersecurity could kill device innovation? I'm stumped.

Kiran C Shetty Regarding innovation specific to software, here is a link to the new Guidance Document for a software change: https://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm514737.pdf

Christopher Burgess Not at all .. device security will serve to differentiate between two equally fine devices, the one which has baked in their security from the beginning of the product creation will, imho, own the market.

The government patience in the face of the massive breaches of 2017 is begging for regulation, secure software and device firmware will be table stakes. Companies will want to embrace "secure software/firmware development life cycle" will be board-level requirements. Those who invest now, will be assured of a place at the table tomorrow.

Thanks for asking for my two cents Joe Hage, glad to assist any who need clarification on just what this entails -- it is a heavy lift no matter how you dice and slice it.

(PS: Happy Thanksgiving to you and your family)

Michael Abrams This is an absurd question. It's just a matter of time before someone holds a Bluetooth-enabled insulin pump for ransom, and device innovation does not take a place above securing protected health information.

Not sure how? UL2900 which addresses Cyber Security including Medical Devices if followed seems common sense isn't onerous if considered early.

Roger Cepeda, JD, MBA, RAC Cybersecurity has been a design input and customer requirement for years. In radiology, the MDS2 standard includes IT security profiles for devices, and most hospitals are on top of this issue to ensure devices don't increase vulnerability (e.g., open ports, outdated OS kernels, etc). My prediction is that the scandals Joe refers to will not come from devices intended for use behind a hospital firewall. Rather, it will come from home use devices or mobile apps that control devices. And the FDA is definitely aware of that risk: https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm

Osama Bannout We saw everywhere that machines took humans place but it will never work without humans nor will end their presence.

Shelby Kobes I agree, developing a method that applies security from the start that also takes In account ROI and good justification on why some security is not done is very important. Try mixing SABSA, this is not just a coding issue, rather a complex business and engineering SDLC issue.

No, can add encryption for wireless, but lack of reimbursement will kill it faster than anything....

It is killing the adoption of the technology in any timeframe that is beneficial. We see this everyday in the Federal space many companies find it so difficult, time consuming and costly to meet the regulations and pass through all the hurdles they pass up the entire federal government market. There needs to be strict cyber security rules but there also needs to be a way to move through a process in a more productive a timely matter I see the government customers being deprived of tools that the civilian market has been urilizing for years because of this process. The answer may be to have cyber security professionals work with technology companies instead of in an adversarial role of just inspecting and rejecting. If we could have cyber security work in the development process with technology companies and during he testing process to help make the product more secure based on requirements

Gary Neel. Good point. Especially as health care payment systems mostlt pay when something affirmatively happens (event seeking treatment) rather than preventionresulting in nothingaffirmative happening (population health or reimbursement for NO beach or NO attack) etc.

Julie Omohundro Mark, the federal government's procurement processes are a separate topic. Pretty much anything is going to happen slowly with the feds. Cybersecurity doesn't stand out as an especially unique or high hurdle among a landscape of hurdles, IMO.

Julie Omohundro Mark, it's unfortunate that cybersecurity has an adversarial role in some companies, but it does not have that role in many other companies. As Christopher Burgess notes above, this could provide an important competitive edge in a free market. In our sort-of free market, a lot may depend on the third-party payors.

I think cyber security is further down the list of innovation prevention given the increased centralization of payers. Either a few insurers or a single payer (government) system would likely be the main impediment. The level of administrative costs and requirements make it difficult for a small, entrepreneurial company to make strides and insulates larger companies from competition. Regulatory requirements would likely be next.

Naveen Agarwal, Ph.D. A thought provoking question! Cybersecurity now is an important aspect of risk management. Therefore, it becomes critical in the Development phase, not necessarily in the Discovery/Innovation phase. Also, I think that the next generation of "innovators" will intuitively understand the importance of cybersecurity especially when a breach in cybersecurity is likely to impact device performance and patient safety. I would love to see product designers addressing this risk appropriately during Design and Development.

Julie Omohundro To key off of Shelby's comment, the innovation it will theoretically kill are digital products that don't have enough clinical/market value to justify the investment needed for cybersecurity. Theoretically, this will push investment toward products with greater clinical/market value.