Video Processor Cybersecurity
Video Processor Cybersecurity and Antivirus Software
Connecting the Video Processor to a network may expose it to computer viruses and security vulnerabilities. If the Video Processor is plugged into a security-compromised network or connected to a computer or a USB flash drive that is contaminated with computer virus(es), it could cause the Video Processor to be vulnerable to computer virus infection. For these reasons, you should consult with your Hospital or Clinic IT Coordinator before connecting the Video Processor using LAN port or USB port. It is the responsibility of the customer to configure a secure network and ensure that the network is regularly updated with the latest version of virus protection software and is configured with security features. That said, due to the number of major antivirus solutions and because of licensing issues, it is not possible to predict and preload antivirus solutions for each customer. Therefore, PENTAX Medical customers typically install antivirus software at each medical facility according to the policies of the facility.
PENTAX Medical continues to assess potential cybersecurity issues in accordance with our Software Problem Resolution Work Instruction. This provides a framework for investigation and analysis of software cybersecurity design vulnerabilities. As part of this analysis, we confirm that PENTAX Software verification and validation testing for Video Processors has been conducted and documented as recommended by FDA’s Guidance for Industry and FDA Staff, “Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices,” issued May 11, 2005.The software is classified under the Software Safety Classification per IEC 62304:2006, “Medical device software—Software life cycle processes,” and the software level of concern is assigned based on FDA’s Guidance for Industry and FDA Staff, “Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices.” Cybersecurity risks have also been assessed and mitigated according to the FDA Guidance for Industry and Staff, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” issued October 2, 2014, and “Postmarket Management of Cybersecurity in Medical Devices,” issued December 28, 2016. Based on this we are able to ensure that:
- Cybersecurity risks have been fully assessed and mitigated through the PENTAX Medical Quality Management System (21 CFR 820, Design Change).
- As demonstrated through testing, cybersecurity risks in individual devices are at an acceptable level.
PENTAX Medical currently has software patches available for the following Video Processor:
PENTAX Medical EPK-i5010 Video Processor
Please consult with your IT department to ensure your devices are sufficiently protected. If you have further questions or comments, contact your local PENTAX Medical representative.