Medical Device Cybersecurity: EU Requirements

“Essential safety requirement” for all medical devices that incorporate electronic programmable systems (SiMD) and for software that is a medical device in itself (SaMD):

  • Integrated security: risk control measures mandatory for safe design and production, appropriate safeguards regarding risks that cannot be excluded, security information and training (Annex I, No. 4);
  • Mandatory risk management for the identification and analysis of hazards (Annex I, No. 3b);
  • Risk minimization activities for possible negative interaction between software and the IT environment (Annex I, 14.2);
  • Appropriate precautions to eliminate or reduce any risks or performance impairments from defects (Annex I, No. 17.1);
  • Software shall be developed and manufactured according to the state of the art, with principles of a software lifecycle, risk management, information security, verification, and validation (Annex I, 17.2).