Securing medical devices and documents for regulatory submissions from cyberattacks is challenging. Many medical device companies struggle to retrofit their security programs to address hardening, vulnerability management, and global incident response. New statutory requirements in the United States are increasing the focus on planned postmarket activities in the submission process. Cybersecurity has become mission-critical for medical device manufacturers.
Health authorities spanning the US, European Union, Australia, Canada, and Japan have issued cybersecurity guidance that is essential for regulatory affairs professionals to understand. In addition to premarket concerns, some of the guidance also includes expectations for post-market expectations.
This interactive virtual workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations
Technical staff will get a better understanding of how to translate regulatory expectations into concrete design and development. Organizational leaders will gain strategic knowledge that will increase the likelihood of gaining green lights from regulators while also teaching them how to establish trust with customers concerned about risk related to medical devices on their networks.
Registration Fees & Deadlines
Present – 7 March 2026: Early Bird Member $865| Nonmember $1020
8 March 2026 – 7 April 2026: Regular Member $1020 | Nonmember $1200
Learning Objectives
- Thoroughly understand international regulatory expectations for medical device cybersecurity
- Know the main components of a product security program aligned with global expectations
- Understand how to use pre-submissions to reduce the likelihood of cybersecurity-related deficiencies
- Be able to build more successful cybersecurity content for regulatory submissions
- Learn key medical device security standards
Who Should Attend?
- Early and mid-stage career regulatory and quality professionals through the director level
- Engineer-level to director-level R&D professionals
Audience Learning Level
Basic: Content is introductory in nature and requires no requisite knowledge or experience to grasp concepts and related exercises. Basic educational activities are meant to establish a foundation of knowledge and/or competence that will be expanded upon in practice or in higher level activities.
Agenda
Topic 1
Title: An Introduction to Medical Device Cybersecurity Concepts and Challenges
Speaker: Michelle Jump
|
Topic 6
Title: Submission Strategies for Cybersecurity
Speaker: Matthew Hazelett
|
Topic 2
Title: Medical Device Product Security Programs: Putting together the puzzle
Speaker: Michelle Jump
|
Topic 6a
Title: IEC 81001-5-1: Foundational Standard for Cybersecurity
Speaker: Michelle Jump
|
Topic 3a
Title: FDA Select Update, 524B, and Omnibus
Speaker: Matthew Hazelett
|
Topic 7
Title: Labeling and Communication
Speaker: Michelle Jump
|
Topic 3b
Title: eSTAR: Review of the Document Expectations
Speaker: Michelle Jump
|
Topic 10
Title: Overview of global regulatory expectations
Speaker: Michelle Jump
|
Topic 4
Title: Secure Design: You Can’t Mitigate Your Way to Security
Speaker: Matthew Hazelett
|
Topic 11
Title: Postmarket Overview
Speaker: Michelle Jump
|
Topic 4b
Title: SBOM
Speaker: Michelle Jump
|
Topic 12
Title: Threat Intelligence and Incident Response
Speaker: Michelle Jump
|
Topic 5
Title: Security Risk Management and Threat Modeling
Speaker: Michelle Jump |
Topic 14
Title: Vulnerability and Patch Management
Speaker: Michelle Jump
|
| |
Topic 15
Title: Disclosure and Advisory: When and How
Speaker: Michelle Jump
|
Speakers
Michelle Jump is the CEO of MedSec, where she is responsible for providing strategic leadership, training, and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management.
Matthew Hazelett
Chief Operating Officer and Chief Quality Officer at MedSec, Former FDA Cybersecurity Policy Analyst
Matthew Hazelett is a former cybersecurity policy analyst at the US Food and Drug Administration Center for Devices and Radiological Health Office of Product Evaluation and Quality Clinical and Scientific Policy.
Hazelett started at the FDA as a biomedical engineer within the Implantable Electrophysiology Devices Branch at the Center for Devices and Radiological Health (CDRH). His review areas include pacemakers, defibrillators, leads, and supporting devices, such as programmers and home monitors. Since starting at FDA, Hazelett developed a review focus on cybersecurity, participates in cybersecurity guidance development, and supports cybersecurity vulnerability assessments and reviews across CDRH. Hazelett also has worked for a medical device research and development company as a test engineer and test manager overseeing device verification and validation testing.
Cancellations and Refunds
RAPS reserves the right to cancel this program at its sole discretion. RAPS will not be responsible for travel or other costs incurred due to cancellation. All cancellation requests must be submitted in writing to support@raps.org. Cancellations will receive a full refund minus a 20% administrative fee. RAPS is unable to accept cancellations by phone.
Substitutions
Paid registration substitutions may be accepted with written approval from RAPS for requests received before the start of the event. To transfer a registration, email support@raps.org with the event title, name of the original registrant and the contact information for the new attendee.
Proof of Attendance
A certificate of attendance can be downloaded from the RAPS Learning Portal following the event.
Questions
Contact the RAPS Support Center:
Call +1 301 770 2920, ext. 200 (8:30 am–5:30 pm EST, Monday–Friday) or email
support@raps.org.