Medical device cyber security

Undergoing tests is a critical step in the process of transforming an innovative design into a reliable and marketable product

Why is the cyber security of medical devices important? 

There are regulatory, ethical and financial reasons to ensure the cyber security of medical devices and their accessories. For example:

  • If unauthorised access is gained to a medical device, there can be severe consequences. That is why it's crucial for cyber security risks to be considered both during the development phase and in the procurement and installation of medical devices.
  • Patient privacy within the framework of the doctor-patient relationship is extremely important and could be compromised in a data breach.

Device manufacturers and health organisations that use unsecure technology and fail to guarantee the cyber security of their medical devices pay heavy penalties, both financially and in terms of their reputation.

Our services to test and assess the cyber security of medical devices

Globally, regulatory organisations are increasingly aware of cyber security for medical devices. For example, the FDA, the European Commission and Health Canada have published guidelines on how to meet cyber security regulations. These guidelines specify whether it is necessary to carry out vulnerability scans or penetration tests during the development of medical devices. It is better to implement the cyber security requirements early in the development process than to have to integrate them into the finished product.

We answer some of the most frequently asked questions to keep you up to date with the latest developments. 

Our testing labs offer a comprehensive range of services to test and assess the cyber security of your medical devices. These include: 

  • System testing
    • Assessment of the cybersecurity system against MDCG 2019-16 (MDR, IVDR), the UL 2900-2-1 or IEC/TR 60601-4-5 standards or an internal TÜV SÜD checklist 
    • Optional vulnerability scan
  • Compliance assessments
    • Testing against the standards
      • UL 2900-2-1
      • IEC/TR 60601-4-5
    • Detailed test report
    • Optional: report on compliance with FDA pre-market requirements or MDCG 2019-16 guidelines
    • Compliance audit 
    • Vulnerability scan including manual tests
    • Penetration tests in accordance with OWASP IoT (e.g. insufficient privacy protection, security risks in updating systems, unsecure network services, unsecure data transfer and storage)
  • Tailor-made cyber security tests
    • Identification of extra testing requirements not covered by the standards listed above
    • Development of product-specific testing methods
    • Assessment of provider-specific security solutions
