Medical device cyber security

Why is medical device cyber security testing important?

There are multiple regulatory, ethical and business reasons to ensure that all digital healthcare and medical devices are thoroughly tested and secure, including:

  • Compliance with regulatory requirements such as the In Vitro Diagnostic Medical Device Regulation (IVDR), the In Vitro Diagnostic Medical Device Directive (IVDD), the Medical Device Regulation (MDR), Medical Device Directive (MDD), and the Active Implantable Medical Device Directive (AIMDD) in the EU; as well as the regional requirements of the US FDA, China FDA and the Japan Ministry of Health and Welfare
  • Unauthorised access to medical devices could result in death or severe injury, so manufacturers and medical device procurement teams must ensure the technology is secure
  • Privacy is extremely important for patient confidentiality – a breach would undermine that privacy

Failing to ensure medical device cyber security could lead to significant reputational damage for device manufacturers and for healthcare organisations that use insecure technology.

TÜV SÜD’s medical device cyber security testing and assessment services

TÜV SÜD’s test labs offer you a comprehensive set of assessment and testing activities related to the cyber security of your medical device. These include:

Concept assessment

  • Assessment of the cyber security concept against requirements from UL 2900-2-1, IEC 62443-4-2 or the TÜV SÜD Johner checklist
  • Written report covering the concept
  • Optional vulnerability scan

Compliance assessments

  • Validate compliance with standard(s)
    • UL 2900-2-1
    • IEC 62443-4-2 (the basis of the upcoming IEC/TR 60601-4-5)
  • Detailed test report
  • Optional: report against FDA pre-market requirements
  • Compliance audit
  • Vulnerability scan including manual tests
  • Penetration tests based on OWASP IoT (e.g. insufficient privacy protection, lack of secure update mechanism, insecure network services, insecure data transfer and storage)

Customised solutions

  • Identify additional requirements for the products that are not covered in the standards
  • Develop customised test methods
  • Assess vendor-specific security solutions, e.g. for hospitals

Contact TÜV SÜD to secure your networked medical device 

TÜV SÜD is a world leader in cyber security testing and has worked with medical device manufacturers around the world to assess the quality and safety of their devices. We have extensive experience in testing a wide range of networked medical devices. Our assessments are based on IEC 62443-4-2, UL 2900-2-1 (based on UL 2900-1), a TÜV SÜD internal checklist and the FDA guidance, which supports your compliance with regulations and your access to global markets.


