Choose another country to see content specific to your location

//Select Country
About
Careers
Press and Media
Select Your Location
Industries & Services
Industries
Chemical and Process
Consumer Products & Retail
Food
Lighting and Luminaires
Textile and Clothing
SEE ALL
Energy
Conventional Power
Nuclear Power
Solar Power
Wind Power
Healthcare and Medical Devices
Healthcare
Medical Devices and IVD
Infrastructure & Rail
Infrastructure
Rail
Manufacturing
Components & Equipment
Machinery & Robotics
Mobility & Automotive
Automotive & OEM
Retail & Leasing
Fleet
Private Vehicle Owners
Real Estate
Buildings
Lifts, Cranes & Conveyors
Services
Auditing & System Certification
Testing Services
Product Certification
Inspection
Technical Advisory
Global Market Access
Training
Cyber security
Risk Management
Functional Safety
Sustainability Services
Resources
Resources
Resource Center
Accreditations & Approvals
Certificate Finder
Certification Mark Download Center
Customer Feedback
E-ssentials Newsletters
Events
TÜV SÜD Store
Insights
About TRUST Magazine
Annual Report
Stories
How can we help you?

Have a requirement or need some help? Contact us to find out how we can help you.

//Contact Us
Locations Contact Us
Locations Contact Us
Worldwide

Cybersecurity Testing for Medical Devices

Elevate your medical device testing to global standards

About cybersecurity For Medical Devices

There are multiple regulatory, ethical and business reasons to ensure that all digital healthcare and medical devices are thoroughly tested and secure, including:

  • Compliance with regulatory requirements such as the In Vitro Diagnostic Medical Device Regulation (IVDR), the In Vitro Diagnostic Medical Device Directive (IVDD), the Medical Device Regulation (MDR), Medical Device Directive (MDD), and the Active Implantable Medical Device Directive (AIMDD) in the EU; as well as the regional requirements of the US FDA, China FDA and the Japan Ministry of Health and Welfare
  • Unauthorized access to medical devices could result in death or severe injury, so manufacturers and medical device procurement teams must ensure the technology is secure
  • Privacy is extremely important for patient confidentiality – a breach would undermine that privacy

Failing to ensure medical device cybersecurity could lead to significant reputational damage for device manufacturers and healthcare organisations that use insecure technology 

What yo need to know about Vulnerability scans and penetration tests

The FDA, EU and Health Canada are working on standards and guidance documents that will indicate the need to consider vulnerability scans and penetration tests during the development of medical devices. To prevent the need for rework; some of the requirements should be tested early in the process. We address some frequently asked questions here to keep you informed on the latest developments.

our cybersecurity testing and assessment services

TÜV SÜD’s test labs offer you a comprehensive set of assessment and testing activities related to the cybersecurity of your medical device. These include:

Concept assessment

  • Assessment of the cybersecurity concept against requirements from UL-2900-2-1, IEC 62443-4-2 or TÜV SÜD Johner checklist
  • Written report covering the concept
  • Optional vulnerability scan

Compliance assessments

  • Validate compliance standard(s)
    • UL 2900-2-1
    • IEC 62443-4-2 (the basis of the upcoming IEC/TR 60601-4-5)
  • Detailed test report
  • Optional: report against FDA pre-market-requirements
  • Compliance audit
  • Vulnerability scan including manual tests
  • Penetration tests based on OWASP IoT (e.g. insufficient privacy protection, lack of secure update mechanism, insecure network services, insecure data transfer and storage)

Customized solutions

  • Identify additional requirements for the products that are not covered in the standards
  • Develop customized test methods
  • Assess vendor specific security solutions e.g. for hospitals

Contact us to secure your networked medical device 

TÜV SÜD is a world leader in cybersecurity testing and has worked with medical device manufacturers around the world to assess the quality and safety of their devices. We have extensive experience of conducting testing on a wide range of networked medical devices. Our assessments are based on IEC 62443-4-2, UL-2900-2-1 (based on UL-2900-1), a TÜV SÜD internal checklist and the FDA guidance; thus aiding your compliance to regulations and access to global markets.

FAQ on Cybersecurity for Medical Devices

EXPLORE

Cybersecurity
Webinar

Cybersecurity of medical devices

The digitization of the medical sector brings with it countless opportunities.

MDCG Cybersecurity Webinar
Webinar

MDCG 2019/16 Cybersecurity

Fulfill requirements of Annex I to the MDR

Learn More

Security in Medical Artificial Intelligence
Webinar

Security in Medical AI

Fulfill general safety and performance requirements

Learn More

Artificial Intelligence in Medical Devices
Webinar

Artificial Intelligence in Medical Devices

Learn the key features of AI in the medical field as well as the current global AI regulation framework

Learn More

VIEW ALL RESOURCES

Next Steps

// Contact Us
// Subscribe
// View Locations
LinkedIn Instagram Youtube Twitter

Select Your Location

Global

Americas

Asia

Europe

Middle East and Africa