摘要
目的针对医疗器械产品的网络安全问题,结合日常检验检测和标准研究,提出质量控制解决方案,降低医疗器械产品使用过程的风险。方法针对医疗器械产品的预期用途和使用环境,分别从保密性、完整性、可得性三个方面开展分析研究,提出了制造商和检验机构在产品设计和检验过程中应该遵循的二十项要求,基本覆盖了网络安全的全部要素。结果围绕医疗器械网络安全的二十项要求,提出了具体的测试方法,用于指导实践,采用编写测试用例执行测试脚本和功能验证的方法,建立漏洞扫描过程要求,执行要素及相关要求。结论关注医疗器械网络安全问题应贯穿于医疗器械产品全生命周期过程,并且随着新技术、新方法的落地,质量控制方法动态更新。
Objective To carry out research on the cyber security of medical devices,combined with daily inspection and standard research,put forward the solution of quality control,and reduce the risk in the use process of medical devices.Methods According to the expected use and environment of medical devices,analysis and research were carried out from three aspects of confidentiality,integrity and availability.Twenty requirements that manufacturers and inspection institutions should follow in the process of product design and inspection were put forward,which basically covered all the elements of cyber security.Results Around the twenty requirements of medical device cyber security,specific test methods were proposed to guide practice.The method of writing test cases,executing test scripts and functional verification was used to establish vulnerability scanning process requirements,execution elements and related requirements.Conclusion Cyber security should run through the whole life cycle of medical devices.With the implementation of new technologies and methods,the quality control methods should be dynamically updated.
作者
王晨希
王权
李佳戈
WANG Chenxi;WANG Quan;LI Jiage(Institute of Medical Devices Control,National Institutes for Food and Drug Control,Beijing 102629,China)
出处
《中国医疗设备》
2021年第9期23-27,共5页
China Medical Devices
基金
国防科技创新特区163计划12-27重点项目(20-163-12-ZD-027-013-04)。
关键词
医疗器械
医疗器械网络安全
质量控制
全生命周期
medical device
medical device cyber security
quanlity control
full life cycle