Medical device cybersecurity is intended to protect digital medical devices from threats such as hacking and unintended data leaks. A growing number of high-tech, Internet of Things medical devices are connected to wider networks. This connectivity brings many benefits, yet it also exposes medical data to potential healthcare cybersecurity risks. Medical device regulation and standards have been developed to ensure that medical devices can withstand potential breaches and therefore protect patient data. Medical device cybersecurity testing ensures that a medical device complies with these standards and significantly reduces the chances of a breach.
There are multiple regulatory, ethical and business reasons to ensure that all digital healthcare devices are thoroughly tested and secure, including:
TÜV SÜD is a world leader in cybersecurity testing and has worked with medical device manufacturers around the world to assess the quality and safety of their devices. We have extensive experience of conducting testing on a wide range of networked and medical devices.
TÜV SÜD’s test labs offer you a comprehensive set of assessment and testing activities related to the cybersecurity of your medical device. The basis for our assessment is either IEC 62443-4-2, UL-2900-2-1 (based on UL-2900-1), a TÜV SÜD internal checklist, FDA guidance or the free Johner and TÜV SÜD guideline, which combines the most relevant requirements.
An assessment typically begins with two reviews: the processes within your quality management system that you use to ensure safety-by-design, and the security concept for the specific medical device, following the principle “fail early – fail cheap”. Once the design activities have been completed and a prototype is ready, our testing services start. These include fuzz tests, penetration tests, tests for known vulnerabilities and more, depending on the device.