Ahead of the full implementation of new MedTech Regulations, the European Commission has made guidance available to ensure medical devices are cyber-secure.
The Guidance, published by the Medical Devices Coordination Group (MDCG), gives a detailed look at the key topics technology developers need to bear in mind when designing their devices. These include basic cybersecurity procedures covering IT security, intended use and foreseeable misuse, and joint responsibility. There are also sections on risk assessment and management, as well as relevant legislation.
The MDCG explains:
“The primary purpose of this document is to provide manufacturers with guidance on how to fulfil all the relevant essential requirements of Annex I to the MDR and IVDR with regard to cybersecurity. However, and in light of the complexity of medical device supply chains and the role played by different operators in ensuring that devices are protected against unauthorised access and possible cyber threats, additional considerations concerning expectations from actors other than manufacturers are provided. In addition, a description of other EU and global pieces of legislation and guidance that are relevant to the domain of cybersecurity for medical devices has been provided in an Annex.”