Medical Devices Group

Joe Hage
May 2017
Validating security patches

I would like to check what is, in your experience, the best way to make sure that security patches installed by a hospital on your device are validated prior to installation? Or, in other words, what is the best way to ensure hospitals contact you when installing a security patch?

source: https://www.linkedin.com/groups/2070960/2070960-6271343322896297984

Posted by Joe Hage
Asked on May 19, 2017 12:00 am

Private answer
Rob Packard: I was hoping we might get some people to answer this one, but the non-software expert will provide a suggestion... There is a huge push to gather more post-market surveillance, because even if regulators could be certain that devices are safe and effective at the time of approval (which they never are), as time passes, changes to accessories, new users, new patients and changes to the device itself (like security patches) need verification that the device will remain safe and effective. Follow-up on verification and validation of security patches for software and firmware is an excellent example of how to use PMS. PMS is not just a satisfaction survey.
Private answer
Ensure you retain administrative privileges to the device in question such that the hospital contacts you before an update. You could then take an informed decision based on the impact the security patch has on your intended use.
Private answer
Thanks, Robert Packard, for your input. Nowadays hospitals are taking a more active part in protecting their systems and networks from possible threats and are installing security patches on all connected PCs in their network, including medical devices. However, medical devices require validation prior to such installation. I wanted to know from manufacturers what is the best way to ensure the patch is validated? By a contract with a hospital? By performing routine PMS as you suggested?
Private answer
Sonja Holten: Did you consider a delivery through the Field Correction channel? Except for the reporting to the country CAs of a mandatory correction, the process is perfectly suited to the task. From development through to validation and roll-out, everything is monitored and traceable, governed by timelines and completeness checks. So if you have it, why not operate it to roll out your security updates?
Private answer
Sonja Holten: Delivery as a Field Correction.
Private answer
Eckhard Jokisch: The best way I know is to put something in the contract that they assure to use a software that checks the dependencies and sends out emails to the software suppliers that may be affected by the patch. I've seen such a home-brewed system but don't know if there is something out there to buy.
An according procedure for validating patches has to be in their QMS.
But if your question is about people doing just something without caring about the definitions in the QMS then there is a big top management issue.
Private answer
Rob Packard: My apologies for the late approval of comments. There is a new LinkedIn interface for managing the group and I did not understand how to use it properly until today.
Private answer
The question is, IMHO, misplaced: what do suppliers do to ensure that their devices are not affected by zero-day vulnerabilities? Validating standard security patches, e.g. from Microsoft, cannot wait for months - they must be deployed immediately.

The fact that suppliers of Medical Technology are years, if not decades, behind IT-industry standards is a clear and present danger to the day-to-day operations of Hospital IT-infrastructure. Hiding behind CE-markings, or FDA-certifications, is no way to manage the dangers to IT-systems.

If Medical Devices are not hardened and maintained to be deployed and survive in a normally exposed IT-environment, they shouldn't be; something which customers rarely are informed of when going through the procurement/purchasing process.