Common use of Medical Devices Clause in Contracts

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device Goods and/or Services or Supplier’s use of any Medical Device product in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Deviceproduct, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Deviceproducts, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device all Goods and/or Services provided to UC, and any other Medical Device products used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. earlier.‌ Supplier warrants that all software and installation media not specifically required for any Medical Device products used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device products following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device products will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devicesrun. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device all of the Goods and/or Services provided to UC, and any other Medical Device products used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA U.S. Food and Drug Administration and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Devicemedical devices, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device medical device before UC is obligated to purchase or lease such Medical Device medical device or prior to Supplier’s use of such device device(s) in its performance of Services. If Supplier provides an MDS2 form form(s) to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 formform(s), and if the MDS2 form form(s) is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man humans or other animals, or (iii) intended to affect the structure or any function of the body of man humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by any Good or Medical Device is compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentationwill maintain compliance with any updates to such guidance or regulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man humans or other animals, or (iii) intended to affect the structure or any function of the body of man humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by any Good or Medical Device is compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentationwill maintain compliance with any updates to such guidance or regulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicableappl icable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man humans or other animals, or (iii) intended to affect the structure or any function of the body of man humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Goods or Medical Devices are compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentationwill maintain compliance with any updates to such guidance or regulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man humans or other animals, or (iii) intended to affect the structure or any function of the body of man humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by any Good or Medical Device is compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentationwill maintain compliance with any updates to such guidance or regulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicableappl icable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man humans or other animals, or (iii) intended to affect the structure or any function of the body of man humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by any Good or Medical Device is compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentationwill maintain compliance with any updates to such guidance or regulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Revised 5/4/2020 Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device Goods and/or Services or Supplier’s use of any Medical Device product in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Deviceproduct, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Deviceproducts, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device all Goods and/or Services provided to UC, and any other Medical Device products used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device products used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device products following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device products will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devicesrun. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device all of the Goods and/or Services provided to UC, and any other Medical Device products used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA U.S. Food and Drug Administration and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Devicemedical devices, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device medical device before UC is obligated to purchase or lease such Medical Device medical device or prior to Supplier’s use of such device device(s) in its performance of Services. If Supplier provides an MDS2 form form(s) to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 formform(s), and if the MDS2 form form(s) is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicableappl icable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device Goods and/or Services or Supplier’s use of any Medical Device product in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Deviceproduct, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Deviceproducts, as applicable, in order to verify that the software does not contain any known viruses or malware; and (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device all Goods and/or Services provided to UC, and any other Medical Device products used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device products used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device products following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device products will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device all of the Goods and Services provided to UC, and any other Medical Device products used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA U.S. Food and Drug Administration and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Devicemedical devices, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device medical device before UC is obligated to purchase or lease such Medical Device medical device or prior to Supplier’s use of such device device(s) in its performance of Services. If Supplier provides an MDS2 form form(s) to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 formform(s), and if the MDS2 form form(s) is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devicesrun. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article Section applies when the Goods and/or Services involve UC ACWN purchasing or leasing one or more medical devices from SupplierSeller, or when Supplier Seller uses one or more medical devices in providing Goods and/or Services to UCACWN. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier Seller warrants that prior to UCSeller’s purchase or lease of any Medical Device Goods and/or Services or SupplierSeller’s use of any Medical Device product in providing Goods and/or Services hereunder, Supplier Seller will: (i) perform security testing and validation for each such Goods and/or Services or Medical Deviceproduct, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Deviceproducts, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC Seller with reports for (i) – (iii). Supplier Seller warrants that all security testing performed by Supplier Seller covers all issues noted in the “SANS WE CWE TOP 25” and/or “OWASP Top 10” documentation. Throughout SupplierSeller’s performance of this Agreementperformance, Supplier Seller will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device all Goods and/or Services provided to UCACWN, and any other Medical Device products used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC ACWN within thirty (30) days of its commercial release or as otherwise recommended by Supplier Seller or SupplierSeller’s sub-supplierSeller, whichever is earlier. Supplier Seller warrants that all software and installation media not specifically required for any Medical Device products used by Supplier ACWN or Goods and/or Services delivered to UC ACWN under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device products following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device products will be disabled at time of installation. In addition, Medical Devices must be configured so that only SupplierSeller-approved applications will run on such Medical Devicesrun. Supplier Seller agrees that UC ACWN may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate SupplierSeller’s warranties or any of SupplierSeller’s other obligations hereunder. Supplier Seller warrants that any Medical Device all of the Goods and/or Services provided to UCACWN, and any other Medical Device products used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA U.S. Food and Drug Administration and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Devicemedical devices, Supplier Seller will provide UC ACWN with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device medical device before UC ACWN is obligated to purchase or lease such Medical Device medical device or prior to SupplierSeller’s use of such device device(s) in its performance of Services. If Supplier Seller provides an MDS2 form form(s) to UC ACWN concurrently with its provision of Goods and/or Services, UC ACWN will have a reasonable period of time to review such MDS2 formform(s), and if the MDS2 form form(s) is unacceptable to UCACWN, then UC ACWN in its sole discretion may return the Goods or terminate the Agreement PO with no further obligation to SupplierSeller.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man humans or other animals, or (iii) intended to affect the structure or any function of the body of man humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposesintendedpurposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Goods or Medical Devices are compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentationwill maintain compliance with any updates to such guidance or regulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date up‐to‐date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-suppliersub‐supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved Supplier‐approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security cyber‐security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicableappl icable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man humans or other animals, or (iii) intended to affect the structure or any function of the body of man humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by any Good or Medical Device is compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentationwill maintain compliance with any updates to such guidance orregulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.. Contract Addendum – Required UC Terms Page 9 of 9

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man humans or other animals, or (iii) intended to affect the structure or any function of the body of man humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Goods or Medical Devices are compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentationwill maintain compliance with any updates to such guidance or regulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date up‐to‐date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-suppliersub‐supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved Supplier‐approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security cyber‐security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man humans or other animals, or (iii) intended to affect the structure or any function of the body of man humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by any Good or Medical Device is compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentationwill maintain compliance with any updatesto such guidance or regulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicableappl icable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.

Medical Devices. This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. purposes.‌ Supplier warrants that prior to UC’s purchase or lease of any Medical Device Goods and/or Services or Supplier’s use of any Medical Device product in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Deviceproduct, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Deviceproducts, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device all Goods and/or Services provided to UC, and any other Medical Device products used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device products used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device products following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device products will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devicesrun. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device all of the Goods and/or Services provided to UC, and any other Medical Device products used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA U.S. Food and Drug Administration and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Devicemedical devices, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device medical device before UC is obligated to purchase or lease such Medical Device medical device or prior to Supplier’s use of such device device(s) in its performance of Services. If Supplier provides an MDS2 form form(s) to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 formform(s), and if the MDS2 form form(s) is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.