Choose another country to see content specific to your location

//Select Country

Medical device cyber security

Top 5 frequently asked questions

To address cyber security requirements; the FDA, EU and Health Canada have indicated that vulnerability scan and penetration testing should be considered during the development of medical devices. Below are 5 frequently asked questions regarding the cyber security of medical devices:

1. Does a vulnerability scan and penetration test that do not reveal any findings indicate that my device is secure?

No, the lack of findings does not indicate that the device is secure. Keep in mind that cyber security must be based on a well-structured development process plus tests.

2. Is there a law that requires a vulnerability scan to be conducted?

No, there are no laws that requires it to be conducted. However, most guidance documents and standards indicate that such a scan should be considered. This means that you should have good arguments in the event you decide to skip it. The same applies for penetration tests.

3. Do I have to repeat a vulnerability scan or penetration test after each software change?

You must consider security related tests regarding to the change as well as regression tests which show that your change did not have a negative effect on the cyber security of your device. In most cases a vulnerability scan or penetration test should be repeated; at least partly.

4. Can I conduct the vulnerability scan and penetration test on my own?

Yes, you can conduct these tests on your own but you need to have the appropriate competences within your organisation. Nonetheless, it helps to have a second pair of eyes on your devices. 

5. Why should I use a 3rd party for a cyber security assessment?

The most important argument for a 3rd party assessment is the impartiality of the 3rd party provider. Depending on the provider you choose; you may also benefit from a provider that a broader knowledge.

EXPLORE

Cyber security for medical devices
Webinar

Cyber security of medical devices

Managing the challenges and risks relating to cyber security

Learn more

New Medical Device Regulation
Infographics

The New Medical Device Regulation

On May 5th 2017, the European commission has published a new regulation for medical devices.

Learn more

Wearable Doctors
Stories

Wearable Doctors

Transforming the way we track, manage and improve our health

Learn more

VIEW ALL INDUSTRY RESOURCES

Next Steps

Select Your Location

Global

Americas

Asia

Europe

Middle East and Africa