Our Priorities Digital Health


Undescribed image

Since 2020, healthcare systems and services have been placed at the epicentre of malicious cyber activities — 60% of ransomware attacks throughout 2021 targeted healthcare facilities or healthcare industry services (1).

Providing secure medical technologies and keeping users and patients safe and protected remain paramount for the medical technology industry. Medical technology regulation and the associated guidance (2) provide robust frameworks for the development of safe and secure medical technologies.

Companies continue to invest significant resources in guaranteeing state-of-the-art cybersecurity for all products and services, including the data they produce while cooperating closely with regulators, authorities and healthcare institutions to contribute to the cyber resilience of European healthcare systems.  

In September 2021, the European Commission published its latest cybersecurity legislative proposal, the Cyber Resilience Act (CRA). The CRA aims to reinforce the security of connected digital products being placed on the EU market, introducing common cybersecurity rules. MedTech Europe supports a CRA that:  

  • Sets harmonised baseline cybersecurity requirements for digital products and services 
  • Recognises the capabilities of existing sectoral legislation, specifically the Medical Devices Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR), including the associated guidance of the Medical Devices Coordination Group (MDCG) 
  • Enshrines a sectoral approach to medical technology cybersecurity and a consistent regulatory interplay with existing and future EU law 
  • Contributes to the security of digital product users and patients, while equally promoting innovation and the provision of state-of-the-art technologies


(1) Source: United States Department of Health and Human Services. Read more here.

(2) Source: MDCG 2019-16 Rev.1 Guidance on Cybersecurity for medical devices. Read more here.