Cybersecurity for Medical Devices

Comprehensive assessments and tests related to the cybersecurity of your medical device

Why Cybersecurity is Important for Medical Devices

There are regulatory, ethical and financial reasons to ensure the cyber security of medical devices and their accessories. For example:

  • If unauthorized access is gained to a medical device, there can be severe consequences. That is why it's crucial for cybersecurity risks to be considered both during the development phase and in the procurement and installation of medical devices.
  • Patient privacy within the framework of the doctor-patient relationship is extremely important and could be compromised in a data breach.

Device manufacturers and health organizations that use unsecure technology and fail to guarantee the cyber security of their medical devices pay heavy penalties, both financially and in terms of their reputation.

Our services to test and assess the cybersecurity of medical devices

The Life Cycle of Medical Devices

Globally, there is increasing awareness of cybersecurity for medical devices among regulatory organizations. For example, the FDA, the European Commission and Health Canada have published guidelines on how to meet cybersecurity regulations. These guidelines specify whether it is necessary to carry out vulnerability scans or penetration tests during the development of medical devices. It is better to implement the cybersecurity requirements early in the development process than to have to integrate them into the finished product.

Our testing labs offer a comprehensive range of services to test and assess the cybersecurity of your medical devices.

These include:

  • System testing
    • Assessment of the cybersecurity system against MDCG 2019-16 (MDR, IVDR), the UL 2900-2-1 or IEC/TR 60601-4-5 standards or an internal TÜV SÜD checklist 
    • Optional vulnerability scan
  • Compliance assessments
    • Testing against the standards
      • UL 2900-2-1
      • IEC/TR 60601-4-5
    • Detailed test report
    • Optional: report on compliance with FDA pre-market requirements or MDCG 2019-16 guidelines
    • Compliance audit 
    • Vulnerability scan including manual tests
    • Penetration tests in accordance with OWASP IoT (e.g. insufficient privacy protection, security risks in updating systems, unsecure network services, unsecure data transfer and storage)
  • Tailor-made cyber security tests
    • Identification of extra testing requirements not covered by the standards listed above
    • Development of product-specific testing methods
    • Assessment of provider-specific security solutions

