<h1>Ozlem Budakli</h1>

Ozlem Budakli

Ozlem Budakli joined Irdeto in 2022 as a quality manager for the Connected Health team. Her responsibilities include the implementation and maintenance of the quality management system, complying with ISO 13485, EU regulations and other regulatory bodies. She brings 10 years of experience in quality and regulatory business from the medical device manufacturers industry, and has also been a lead auditor in a notified body. Ozlem holds a Bachelor’s of Science in Biomedical Engineering, is a certified lead auditor and has a wealth of expertise in both risk and quality management.
Breaking down IMDRF N70 guidance: Cybersecurity of legacy devices 

Breaking down IMDRF N70 guidance: Cybersecurity of legacy devices 

Legacy devices strike a delicate balance between being essential while also being highly vulnerable in today’s healthcare ecosystem. The IMDRF has produced a new standard – Principles and Practices for the Cybersecurity of Legacy Medical Devices (N70) – to help device makers navigate the complexity of identifying and securing legacy devices. Read on to learn more!

NIS2: One year to go  

NIS2: One year to go  

Attaining NIS2 compliance is a standard process that requires around 12 months for completion. With non-compliance carrying severe penalties, it’s crucial for businesses, particularly MDMs, to pay attention to the essential components of this Directive, prepare adequately and act before the approaching deadline arrives.
Check out our compliance checklist and actionable steps for MDMs and see how well-prepared your business is

The implication of NIS2 on medical device cybersecurity

The implication of NIS2 on medical device cybersecurity

The healthcare industry has made great efforts over the past few years to prevent and mitigate the risks of cyberattacks targeting connected medical devices and healthcare systems. The alarming numbers indicating an increase in cyberattacks against healthcare institutions sadly show that there are still problems to tackle, particularly on the part of MDMs.
The introduction of the NIS2 Directive marks one of the latest and most important attempts to address these challenges. What’s the meaning of NIS2 to the healthcare sector and how do MDMs get started?

The Critical Entities Resilience Directive (CER) 101 

The Critical Entities Resilience Directive (CER) 101 

In parallel with the introduction of the NIS2 Directive, the European Commission has also adopted the Critical Entities Resilience (CER) Directive, focusing on the protection of public and private organizations against physical threats. Both of these Directives aim to increase resilience and counter threats that could disrupt society. It’s time to go deeper into the CER Directive and how it affects the healthcare sector and Medical Device Manufacturers (MDMs).

The complexity of medical device cybersecurity requirements: How to cope 

The complexity of medical device cybersecurity requirements: How to cope 

Mitigating cybersecurity risks for medical devices is increasingly a core focus area for regulators, who are driving the establishment of a consistent cybersecurity framework to better facilitate coordination among all parties involved. This emphasizes the importance of Medical Device Manufacturers (MDMs) being aware of and familiar with the latest requirements. The intertwining of requirements, however, creates significant complexity in the medical device cybersecurity ecosystem. How can you cope with this?

Network Information Systems Security (NIS2) 101 

Network Information Systems Security (NIS2) 101 

A number of regulations have been put in place to help fortify medical devices and their manufacturing lines against potential attack patterns, including the revised Directive on the Security of Network and Information Systems (NIS2 Directive). The introduction of NIS2 will help form a better coordinated basis for cybersecurity action. Here’s what you need to know about it.

Coordinated Vulnerability Disclosure (CVD) 101 

Coordinated Vulnerability Disclosure (CVD) 101 

A Coordinated Vulnerability Disclosure (CVD) refers to a specific structured process where vulnerabilities are reported to organizations in a manner that allows for diagnosis and remediation before released to third parties or the public. CVD comprises of the coordination between the reporting entities and organizations with particular regard to the timing for both the remediation and publication of vulnerabilities. This blog post will explore the basics of CVD and what you need to be aware of.

Medical device cybersecurity: Conformity assessments 

Medical device cybersecurity: Conformity assessments 

The ongoing digitization in healthcare has brought not only new opportunities to improve patient care, but also challenges in cybersecurity. To address the issue and ensure the security of new medical devices, state-of-the-art regulatory frameworks are mandatory. Let’s discover some of the new industry developments, discuss the best practice documents and the implementation of the guidance.