3D Printing, Cybersecurity Emerging Concerns for Device Manufacturers

As if the industry isn’t saddled with enough rules and regulations, new technologies like additive manufacturing and the domination of digital communication and information transfer mean additional considerations for medical device manufacturers.

In a recent Medmarc webinar, Anthony Strasius, an attorney and regional managing partner at Wilson Elser Moskowitz Edelman & Dicker LLP, discussed what he views as the top ten concerns for life sciences companies.

Should these top your list of priorities? No. In fact, some of these concerns might be integrated into your workflow already. As engineers and operations folks, though, it’s good to understand what regulators and legal teams are eyeing. We summarize three of these concerns below.

3D Medical Devices
Litigation risks surrounding 3D printing relate to the novelty of the technology and the changes that it brings to the manufacturing process.

“Are companies now going to be liable for the process as well as the product in different ways than they have in the past?” Strasius asks. “The short answer is likely to be yes.”

Thus, it’s critical to perform thorough testing of 3D-printed devices.

Aspects of cost may arise as well. As more companies employ 3D printing, manufacturers may be accused of rushing products to market to save money on this newer manufacturing process. 

Data Cybersecurity and Medical Device Hacks
Various potential risks are associated with cybersecurity, such as security and privacy vulnerabilities, as noted by FDA. The Agency released its guidance, "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” in October 2014, recommending that manufacturers consider cybersecurity risks as part of the design and development process of a medical device, and submit documentation about risks and ways to mitigate those risks.

FDA recommends that companies:

    1. Identify threats and vulnerabilities.
    2. Assess the impact of those on device functionality and end users.
    3. Assess the likelihood of a threat or vulnerability to occur.
    4. Determine risk levels and suitable mitigation strategies.
    5. Assess residual risk and risk acceptance criteria.

Actual hacks on medical devices are difficult to detect and prevent. “To protect a medical device from hacks, read FDA’s guidance, evaluate your company risk, adopt the risk management framework that you need and enhance security by increasing security education and awareness,” Strasius says.

E-data Preservation and Management
It is crucial to preserve electronically-stored information, such as emails and files, and have a process in place at your company for managing this.

Companies should also monitor the “e-trails” they leave, meaning when people within the company communicate via email, they could be used against the company (i.e.; emails containing information associated with the history of a product and its design, development, testing, quality control, inspections and post-market monitoring).

“One of the first questions attorneys will ask is, ‘Has this ever happened with this product in the past?’ ” Strasius says. “Have a responsible history. Then they ask, ‘Was the process followed?’ Use a good paper trail for your product. This involves approval, certifications, processes, inspections and post-market efforts. If the right standards and regulations have been followed, you’ll get favorable testimony and evidence in defending the product. The history of the product and the ability to prove that the company did the right thing at every opportunity is hugely important in defending these claims.”

Other trends and concerns on the horizon, according to Strasius, relate to nanotechnology and robotics.

His general advice for how to prevent and handle these potentially litigious situations is:

    • Have the right people, in the right place
    • Educate, and continue to educate
    • Use common sense
    • Seek outside consultants as necessary
    • Communicate

What do you see as the greatest concern for medical device companies in the digital age? Leave a comment below or email us.

Send comments on this article to This email address is being protected from spambots. You need JavaScript enabled to view it..