Cybersecurity for Medical Devices
MDACS · ISO 14971 · IMDRF cybersecurity guidance
Why Cybersecurity Matters
Medical devices that are networked, connected to other systems, or incorporate software face cybersecurity risks that could affect patient safety, including:
- Unauthorised access or manipulation of device functionality
- Data breaches affecting patient privacy
- Malware affecting device operation
MDACS Cybersecurity Approach
The MDD expects cybersecurity risks to be addressed within the risk management process (ISO 14971). Manufacturers should:
- Identify cybersecurity threats: who could attack, what vulnerabilities exist, what impact failure would cause
- Implement security controls: authentication, encryption, network segmentation, update mechanisms
- Validate security measures: penetration testing, vulnerability scanning
- Plan post-market cybersecurity monitoring: processes for detecting and responding to new vulnerabilities
Relevant Standards and Guidance
| Standard/Guidance | Scope |
|---|---|
| IEC 81001-5-1 | Health software and health IT: cybersecurity |
| IMDRF N60 | Cybersecurity guidance |
| NIST Cybersecurity Framework | General cybersecurity framework |