Cybersecurity

A practical guide to GAMP 5 Second Edition for medical device manufacturers: software categories, the V-model, critical thinking, FDA CSA alignment, data integrity, and 21 CFR Part 11.

RunSafe's 2026 Index: 56% of hospitals reject devices over cybersecurity, 35% won't buy without an SBOM, and 84% include security in RFPs. What manufacturers must do now.

Analyze the March 2026 Handala wiper attack on Stryker, its global manufacturing and order disruption, supply chain impact, and cybersecurity lessons for medtech.

Build a device cybersecurity response plan covering FDA 21 CFR 806, EU MDR vigilance, CISA timelines, containment, patient safety review, and coordinated disclosure.

Plan regulated cybersecurity patch deployment for fielded devices under EU MDR, FDA Section 524B, and the Cyber Resilience Act, from triage to verified rollout.

Guide to building one evidence matrix for AI medical devices under EU MDR and the EU AI Act, mapping Annex II/III files, ISO 14971 risks, PMS/PMCF, cybersecurity, data governance, and QMS evidence.

Guide to building an FDA unresolved software anomalies table for cybersecurity submissions, including CVSS, exploitability, clinical impact, controls, SBOM links, VEX status, and labeling.

Prepare for IEC 62304 Edition 2 with process rigor levels, broader health software scope, AI/ML lifecycle provisions, cybersecurity integration, and compliance timelines.

Draft QMSR supplier quality agreements for cloud, AI, cybersecurity, testing, and sterilization vendors with audit, CAPA, change notice, and evidence clauses.

PSIRT playbook for medical device SBOM-to-VEX triage, covering CVE intake, component matching, exploitability analysis, VEX rationale, severity scoring, CAPA, field action, and communications.

Decision tree for when a software or cybersecurity update can use Special 510(k) vs Traditional 510(k) — risk analysis, V&V summary, FDA guidance, and evidence package requirements.

Guide to 12 common FDA cybersecurity premarket deficiencies in 2026, including SBOM, threat modeling, risk assessment, Section 524B, guidance alignment, and practical fixes.

Practical guide to medical device CVD programs, including PSIRT setup, vulnerability intake, CVSS scoring, SBOM linkage, FDA Section 524B, EU expectations, and customer communication.

Guide to regulatory, privacy, and commercial risks for DTC genetic tests, including FDA oversight, FTC claim substantiation, clinical validity, GINA, state privacy laws, and risk-report claims.

See how penetration testing, vulnerability scanning, and fuzz testing support FDA and EU MDR cybersecurity evidence for connected medical device submissions.

Manage third-party cybersecurity risk for connected medical devices using FDA Section 524B, QMSR and ISO 13485 controls, SBOMs, vendor assessments, and threat modeling.

Learn how HL7 FHIR, IEEE 11073, and DICOM support medical device interoperability, including CMS mandates, FDA expectations, and implementation guidance.

Implement Privacy by Design in connected medical devices, with GDPR, HIPAA, data minimization, consent, anonymization, and 2026 privacy expectations.

Learn how medical device companies can implement ISO 27001, align ISMS controls with ISO 13485 and FDA cybersecurity expectations, and plan certification.

Practical GDPR guide for device and IVD manufacturers, covering health data, DPIAs, DPO duties, lawful bases, transfers, EU MDR, IVDR, and AI Act overlap.