Bundesamt für Sicherheit in der Informationstechnik

Cyber Security Requirements for Network-Connected Medical Devices

Date 13.11.2018

Document preview

Many medical devices follow the trend towards digitization and offer an option to operate with other devices over an information network. This often involves the use of technologies that have already been proven to be effective in other areas. Manufacturers have to pay special attention to the resulting cyber security challenges while considering the specific conditions for medical devices, such as long product life cycles and the intended use in areas that are directly critical to patient safety. Therefore, this document summarises best practices for manufacturers of network-connected medical devices. These recommendations accompany regulatory requirements and are intended to support the implementation and maintenance of an appropriate level of cyber security according to the current state of the art.
In order to meet one of the essential requirements of the Medical Device Directive currently in force, manufacturers must perform a risk analysis during the conformity assessment procedure. The identified risks must be minimised and documented. These cyber security recommendations provide practical assistance on how the cyber security issues identified in that risk analysis can be reduced in detail.
