Jul 1, 2018
EMERGO SUMMARY OF KEY POINTS:
In a sign that medical device market regulators are moving toward a uniform approach to cybersecurity risk management, the South Korean government has published new guidelines referencing the UL 2900 cybersecurity standard as well as US Food and Drug Administration recommendations.
The new guidelines (link in Korean), “Cyber Security Guide for Smart Medical Service,” were issued by the South Korean Ministry of Science and ICT. Although the guidelines only provide recommendations to medical device manufacturers and healthcare providers for managing cybersecurity risk, they will likely pave the way for full-blow cybersecurity regulations from the Ministry for Food and Drug Safety (MFDS) and other South Korean agencies.
The guidelines reference the UL 2900 medical device cybersecurity standard, which US FDA now recognizes as a consensus standard for use by US market applicants. By incorporating UL 2900 as well as other established cybersecurity references and standards—ISO/IEC 27002, NIST 800-53 and FDA cybersecurity guidance documents—South Korean regulators are indicating a same-page approach regarding recommendations and requirements for MFDS registrants with network-connected devices as well as hospitals and healthcare providers to manage these vulnerabilities.
EMERGO SUMMARY OF KEY POINTS:
EMERGO SUMMARY OF KEY POINTS: