Approaching Cybersecurity & Usability as a SaMD Company
How do you balance security and usability of software as a medical device (SaMD)? It’s not easy and trade-offs may need to be made by device companies in order to give users what they want and need to safely use it as intended.
In this episode of the Global Medical Device Podcast Etienne Nichols talks to Abbas Dhilawala, a cybersecurity and SaMD expert with Galen Data, about a new approach to cybersecurity and usability for SaMD companies to ensure products are both secure and user-friendly.
Abbas has 18 years of experience developing enterprise-grade software for the medical device industry and is well-versed with technology, industry standards, and the privacy of data.
Some of the highlights of this episode include:
- Usability and human factors testing standards exist. However, there’s no standard approach to follow for cybersecurity. Abbas’s approach is to obtain user feedback as soon as possible for SaMD to still be secure and user-friendly.
- Different kinds of users in the healthcare spectrum can be trained to use SaMD, including hospital staff and patients - depending on their level of trust and understanding of technology.
- Potential Pitfalls: Classification and credential layers, such as permissions and passwords, can put the security burden on the users but leads to the need for risk assessment/management for possible harm.
- Biometrics: Cutting-edge technology, such as fingerprint, eye, and face scanning is not as secure, reliable, or consistent, but it’s getting better. Always have a backup plan.
- Key Takeaway: There’s a lot of push on cybersecurity, but don’t take away the convenience or the usability aspect. Find a way to balance both usability and cybersecurity.
Memorable quotes from Abbas Dhilawala:
“Ultimately, if you make the product in a way that’s hard to use, you can be secure. If nobody uses it, it doesn’t really matter.”
“There’s lots of standards, just no harmonization.”
“What can you do to minimize stress? Health care is already a stressful environment.”
“The fundamental layer of security is to know who the user is.”
“Having standards is a nice thing because then you can develop tooling around that.”