IMDRF Guidance on Medical Devices Cybersecurity

Posted on 06.05.2020

The International Medical Device Regulators Forum (IMDRF) published guidance on the Principles and Practices for Medical Device Cybersecurity on 20 April 2020. This document examines general principles and practices for device cybersecurity and aims to assist stakeholders in developing a better comprehension of their role in support of proactive cybersecurity that assists protect and secure medical devices in anticipation of future attacks, problems, or events.

In addition, the document highlights the total product lifecycle (TPLC) approach that medical device cybersecurity should follow, with different principles and elements being considered at different stages.

Finally, the text addresses both pre- and post-market issues. The pre-market section is primarily focused on medical device manufacturers and discusses security requirements and design, risk management principles, security testing, labelling and considerations for regulatory submissions, whereas the post-market section contains recommendations for all stakeholders, providing insights on devices in their intended use environment, information sharing, vulnerability disclosures and legacy device as well as specific advice factors.