The number of cyber-attacks around the world exploded in 2020: exploiting the Covid-19 pandemic as an opportunity for cybercriminals to take advantage of the shift in focus towards smart working and hospital staff transferred to the frontline.
EU Policy Measure: Medical Devices
The Medical Device Regulation (EU 2017/745) is applicable from May 2021. It requires manufacturers to develop products based on the state of the art and principles of risk management, including information security and minimum requirements for IT security measures, such as protection against unauthorised access.
The primary purpose of the Guidance on Cybersecurity for Medical Devices (MDCG 2019-16) is to provide manufacturers with guidance on how to fulfil all the relevant essential requirements of Annex I to the MDR.
Additional considerations concerning expectations from actors other than manufacturers are also provided given the complexity of medical device supply chains and the role played by different operators in ensuring that devices are protected against unauthorised access and possible cyber threats.
PANACEA Research perspectives: The security and safety of medical is of primary importance to PANACEA as part of its security-by-design framework, one of the solutions forming part of its Toolkit to increase cybersecurity in healthcare.
Lookout Watch entry date: 06.20.2020