Approaching Cybersecurity & Usability as a SaMD Company

This is a podcast episode titled Approaching Cybersecurity & Usability as a SaMD Company.

DESCRIPTION

How do you balance security and usability of software as a medical device (SaMD)? It’s not easy, and device companies may need to make trade-offs in order to give users what they want and need to use the device safely as intended.

In this episode of the Global Medical Device Podcast, Etienne Nichols talks to Abbas Dhilawala, a cybersecurity and SaMD expert with Galen Data, about a new approach to cybersecurity and usability for SaMD companies to ensure products are both secure and user-friendly.

Abbas has 18 years of experience developing enterprise-grade software for the medical device industry and is well versed in technology, industry standards, and the privacy of data.

Some of the highlights of this episode include:

  • Usability and human factors testing standards exist. However, there’s no standard approach to follow for cybersecurity. Abbas’s approach is to obtain user feedback as soon as possible so that SaMD can be both secure and user-friendly.
  • Different kinds of users in the healthcare spectrum can be trained to use SaMD, including hospital staff and patients, depending on their level of trust and understanding of technology.
  • Potential Pitfalls: Classification and credential layers, such as permissions and passwords, can put the security burden on the users but lead to the need for risk assessment/management for possible harm.
  • Biometrics: Cutting-edge technology, such as fingerprint, eye, and face scanning, is not as secure, reliable, or consistent, but it’s getting better. Always have a backup plan.
  • Key Takeaway: There’s a lot of push on cybersecurity, but don’t take away the convenience or the usability aspect. Find a way to balance both usability and cybersecurity.

Memorable quotes from Abbas Dhilawala:

“Ultimately, if you make the product in a way that’s hard to use, you can be secure. If nobody uses it, it doesn’t really matter.”

“There’s lots of standards, just no harmonization.”

“What can you do to minimize stress? Health care is already a stressful environment.”

“The fundamental layer of security is to know who the user is.”

“Having standards is a nice thing because then you can develop tooling around that.”


Links:

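Galen Data (Schedule a Demo): https://contact.galendata.com/schedule-demo

FDA - Guidances: https://www.fda.gov/industry/fda-basics-industry/guidances

FDA - Cybersecurity: https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity

HIPAA: https://www.hhs.gov/hipaa/index.html

True Quality 2022: https://www.greenlight.guru/true-quality

The Greenlight Guru True Quality Virtual Summit: https://virtual-summit.greenlight.guru/

Greenlight Guru YouTube Channel: https://www.youtube.com/channel/UCYfQsPqHW8H8mZ4xpM4gn1Q

MedTech True Quality Stories Podcast: https://www.greenlight.guru/podcast-mtqs

Greenlight Guru Academy: https://www.greenlight.guru/academy

Greenlight Guru: https://www.greenlight.guru/

Global Medical Device Podcast Email: podcast@greenlight.guru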