Demystifying Cybersecurity Guidelines for Medical Device Protection

Today, healthcare is one of the most targeted industries by cyber threat actors, with the highest average cost of a data breach, a staggering $10.10 million per breach. The wealth and breadth of sensitive patient information collected and stored, as well as the life-saving care provided by medical professionals that increasingly rely on digital technologies, makes it an enticing target. Medical devices, in particular, low doctors to administer advanced and ongoing care by monitoring or regulating patients’ health. These qualities, of being worn by or implanted in a patient, digitally or remotely accessible, and gathering patient data, make them particularly vulnerable to cyber threats. In response, the federal government has shared new guidelines for cybersecurity in medical devices and, in December 2022, amended the Federal Food, Drug, and Cosmetic Act (FD&C Act) to include a cybersecurity provision for application submissions of medical devices to the FDA. As medical device manufacturers submit applications for new devices or updates that require premarket review by the agency, these businesses and their counsel will want to understand the new cybersecurity requirements to incorporate them into product designs, rather than lengthen the approval process. As threats against the healthcare industry evolve, staying current on the regulatory response will enable attorneys to best advise their clients in this sector.
In this online seminar, our expert panelists begin by introducing the role of cybersecurity in the healthcare industry, including the uses of technology in medicine and the factors that make healthcare the most targeted industry by threat actors. Our speakers review the distinct types of medical devices and their specific cyber vulnerabilities. They discuss the recent addition of regulations and guidelines, including what they entail. Lastly, our experts give advice on how manufacturers should incorporate cybersecurity measures and the importance of monitoring of these medical devices.

Our Mission is to bridge the knowledge gap between law and technology professionals by educating attorneys on technology to attorneys and technology executives on its laws and regulations. Legal Cyber Academy provides a comprehensive tool and evolving knowledge base through exclusive insights from world class cybersecurity, privacy, web 3.0, forensic, and e-discovery legal and technical practitioners. Earn CLE, CPE, and CE credits. (Refunds are available if you do not receive credit) At Legal Cyber Academy We recognize that technology, the cybersecurity threats it faces, and relevant laws and regulation are rapidly evolving, presenting unique challenges and opportunities. Our platform is dedicated to empowering legal professionals with the skills and understanding necessary to navigate the complex landscape of technology in their field, enabling them to effectively advise clients, draft contracts, and navigate legal implications in a technology-driven world. Simultaneously, we strive to equip technology professionals with the legal knowledge they need to make informed decisions, ensure compliance with regulations, and limit liability. By fostering a deep understanding of legal frameworks, we hope to support technology professionals in creating innovative, compliant, and socially conscious technological advancements. Join us in our mission to reshape the way legal professionals and technology experts understand and interact with each other in a rapidly changing technical and legal landscape. Together, they will mitigate risk better, ensure compliance, and actively shape the future of technology and its accompanying laws.

LAW & FORENSICS LLC – FOUNDER; JAMS – NEUTRAL; HARVARD – ADJUNCT;
Danie Garrie, Esq., is the Co-Founder of Law & Forensics LLC, where he heads the Computer Forensics and digital discovery Cybersecurity teams. Daniel has been a dominant voice in the computer forensics and cybersecurity space for the past 20 years, as an attorney and technologist. He is an adjunct professor at Harvard for Computer Forensics, and prior to Law & Forensics, he successfully built and sold several technology start-up companies. Since co-founding Law & Forensics LLC in 2008, Daniel has built it into one of the leading boutique firms specializing in cybersecurity and forensic engineering. He is a mediator, arbitrator, and e-discovery special master for JAMS and is a partner and head of Cybersecurity practice at Zeichner, Ellman & Krause LLP. Daniel earned both a Bachelor’s and a Master’s degree in computer science from Brandeis University, as well as a J.D. from Rutgers Law School. Daniel has led cyber and forensic teams in some of the most visible and sensitive incidents in the United States. He and his team have worked globally for two of the top five banks and dozens of the largest private and public companies in the world. In addition, Daniel has been awarded several patents for advanced cybersecurity and forensic platforms he built with his team, including TableTop.AI, CustodyTrack.IO, and Forensic Scan. Daniel is also well-published in the cybersecurity space and has authored more than 200 articles and books. His work is cited by Black’s Law Dictionary 10th Ed. defining the terms 'software', 'internet', and 'algorithm'. Lastly, he has been recognized by several United States Supreme Court Justices for his legal scholarship and is a trusted source and thought leader for cybersecurity articles and opinions, cited over 500 times to date.

Caidya - Chief Legal Officer
David is Chief Legal Officer for Caidya, a global clinical research organization (CRO) that helps bring life-changing therapies to the global community through liberated clinical research. At Caidya, David leads commercial, compliance and litigation management, transactions, as well as oversight of data privacy, protection and security initiatives. The data privacy and security program implemented by David’s team at Caidya emphasizes privacy-by-design and privacy-by-default concepts to generate value for clients by minimizing exposure to data privacy and data protection regulations. It also ensures compliance mechanisms are in place to address ever-evolving global data privacy and data protection obligations placed upon the company and its clients sponsoring global clinical trials. With over 30 years of legal experience in business and corporate transactions in highly regulated industries such as life sciences chemicals, David has substantial experience advising senior leadership on the most intricate regulatory compliance, corporate governance, business transactions and high-stakes litigation matters. His prior roles have included setting strategies for and resolving high exposure litigation, designing tight messaging for public facing matters, and serving as company spokesperson, leading interactions with federal and state regulators, implementing cost saving initiatives, creating master agreements, launching U.S. wide best practices for records and electronically stored information (ESI) management, serving as ombudsman for ethics and compliance hotline reporting, conducting internal investigations, restructuring subsidiaries, and evaluating potential M&A targets and investments.

Mount Sinai Health Systems - Senior Director & Head of Systems, Cloud & Biomed Security
Dr. Mustac is responsible for the cybersecurity of connected devices across The Mount Sinai Health System's internationally acclaimed facilities, including the Icahn School of Medicine at Mount Sinai, eight hospital campuses, and more than 400 ambulatory practices with revenues exceeding $8B. He is actively involved in the management and remediation of known vulnerabilities across all platforms and technologies, as well as incident response activities. He collaborates with device manufacturers, leading medical institutions, and government agencies to promote the adoption of standards, industry best practices, and building consensus to promote patient safety across all audiences. Additionally, he educates stakeholders regarding the cyber risks of connected medical devices, IoT devices, and the mitigation of risk, along with best practices to protect the infrastructure of their facilities.