Choose another country to see content specific to your location

//Select Country
About
Careers
Press and Media
Select Your Location
Industries & Services
Industries
Healthcare and Medical Devices
Healthcare
Medical Devices and IVD
Energy
Conventional Power
Nuclear Power
Solar Power
Wind Power
Consumer Products & Retail
Electrical & Electronics
Lighting
Audio, Visual & IT Equipment
SEE ALL
Aerospace and Defense
Mobility & Automotive
Automotive & OEM
Fleet
Manufacturing
Components & Equipment
Machinery & Robotics
Industry 4.0
Infrastructure
Telecom & IT
See All
Amusement Rides and Theme Parks
Real Estate
Buildings
Lifts, Cranes & Conveyors
Services
Auditing & System Certification
Product Certification
Risk Management
Functional Safety
Technical Advisory
Cyber security
Testing
Global Market Access
Inspection
Training
Sustainability
Digital & IT
Resources
Resources
Resource Center
Accreditations and Certifications
Accreditations and Approvals
Certificate Finder
Download Certification Marks
Customer Feedback
Events
E-ssentials Newsletters
TÜV SÜD Store
Insights
About TRUST Magazine
Annual Report
Podcast
Stories
How can we help you?

Have a requirement or need some help? Contact us to find out how we can help you.

//Contact Us
Locations Contact Us
Locations Contact Us
Worldwide

Cybersecurity for Medical Devices

Comprehensive assessments and tests related to the cybersecurity of your medical device

About Cybersecurity For Medical Devices

There are multiple regulatory, ethical and business reasons to ensure that all digital healthcare and medical devices are thoroughly tested and secure, including:

  • Compliance with regulatory requirements such as the In Vitro Diagnostic Medical Device Regulation (IVDR), the In Vitro Diagnostic Medical Device Directive (IVDD), the Medical Device Regulation (MDR), Medical Device Directive (MDD), and the Active Implantable Medical Device Directive (AIMDD) in the EU; as well as the regional requirements of the US FDA, China FDA and the Japan Ministry of Health and Welfare
  • Unauthorized access to medical devices could result in death or severe injury, so manufacturers and medical device procurement teams must ensure the technology is secure
  • Privacy is extremely important for patient confidentiality – a breach would undermine that privacy

Failing to ensure medical device cybersecurity could lead to significant reputational damage for device manufacturers and healthcare organization that use insecure technology 

What yoU need to know about Vulnerability scans and penetration tests

The FDA, EU and Health Canada are working on standards and guidance documents that will indicate the need to consider vulnerability scans and penetration tests during the development of medical devices. To prevent the need for rework; some of the requirements should be tested early in the process. We address some frequently asked questions here to keep you informed on the latest developments.

our cybersecurity testing and assessment services

TÜV SÜD’s test labs offer you a comprehensive set of assessment and testing activities related to the cybersecurity of your medical device. These include:

Concept assessment

  • Assessment of the cybersecurity concept against requirements from UL-2900-2-1, IEC 62443-4-2 or TÜV SÜD Johner checklist
  • Written report covering the concept
  • Optional vulnerability scan

Compliance assessments

  • Validate compliance standard(s)
    • UL 2900-2-1
    • IEC 62443-4-2 (the basis of the upcoming IEC/TR 60601-4-5)
  • Detailed test report
  • Optional: report against FDA pre-market-requirements
  • Compliance audit
  • Vulnerability scan including manual tests
  • Penetration tests based on OWASP IoT (e.g. insufficient privacy protection, lack of secure update mechanism, insecure network services, insecure data transfer and storage)

Customized solutions

  • Identify additional requirements for the products that are not covered in the standards
  • Develop customized test methods
  • Assess vendor specific security solutions e.g. for hospitals

TÜV SÜD is a world leader in cybersecurity testing and has worked with medical device manufacturers around the world to assess the quality and safety of their devices. We have extensive experience of conducting testing on a wide range of networked medical devices. Our assessments are based on IEC 62443-4-2, UL-2900-2-1 (based on UL-2900-1), a TÜV SÜD internal checklist and the FDA guidance; thus aiding your compliance to regulations and access to global markets.

FAQ on Cybersecurity for Medical Devices

EXPLORE

Cybersecurity
Webinar

Cybersecurity of medical devices

The digitization of the medical sector brings with it countless opportunities.

MDCG Cybersecurity Webinar
Webinar

MDCG 2019/16 Cybersecurity

Fulfill requirements of Annex I to the MDR

Learn More

Security in Medical Artificial Intelligence
Webinar

Security in Medical AI

Fulfill general safety and performance requirements

Learn More

Artificial Intelligence in Medical Devices
Webinar

AI in Medical Devices

Learn the key features of AI in the medical field as well as the current global AI regulation framework

Learn More

VIEW ALL RESOURCES

Next Steps

// Contact Us
// Subscribe
// View Locations
LinkedIn Instagram Youtube Twitter

Select Your Location

Global

Americas

Asia

Europe

Middle East and Africa