Top 5 FAQs
Below are 5 frequently asked questions regarding the cyber security of medical devices:
No, the lack of findings does not indicate that the device is secure. Keep in mind that cyber security must be based on a well-structured development process plus tests.
No, there are no laws that requires it to be conducted. However, most guidance documents and standards indicate that such a scan should be considered. This means that you should have good arguments in the event you decide to skip it. The same applies for penetration tests.
You must consider security related tests regarding to the change as well as regression tests which show that your change did not have a negative effect on the cyber security of your device. In most cases a vulnerability scan or penetration test should be repeated; at least partly.
Yes, you can conduct these tests on your own but you need to have the appropriate competences within your organisation. Nonetheless, it helps to have a second pair of eyes on your devices.
The most important argument for a 3rd party assessment is the impartiality of the 3rd party provider. Depending on the provider you choose; you may also benefit from a provider that a broader knowledge.
The digitization of the medical sector brings with it countless opportunities.
Fulfill requirements of Annex I to the MDR
Fulfill general safety and performance requirements
Select Your Location
Bosnia and Herzegovina