A new position paper on cyber security
On October 5, 2022, the European Association for Medical Devices of Notified Bodies (Team NB) published a new position paper on cyber security of medical devices.
The increasing number of networked medical devices and the ongoing digitization in healthcare bring new market opportunities for the manufacturer and, above all, improvements in inpatient care. At the same time, it introduces new and different types of risks to the safety, security, and privacy of medical devices. A focus is placed on international standards and the use of a harmonized approach to security risk assessment. Team NB makes five recommendations in this paper.
To ensure that safety, security, and privacy is protected, a collective effort and efficiency is necessary. This paper therefore outlines areas which may be used as possible solutions to current challenges by focusing on international standards, use of a harmonised approach to security risk assessment, and by seeking a coherent harmonised approach for high level penetration test requirements, to support the medical device software development lifecycle through development to post market surveillance, and through end of device lifetime with use of the quality management system, Medical Device/In-vitro Diagnostic Device regulatory framework and guidance’s from regulatory bodies.