Dive Brief:
- MedTech Europe has set out its vision for cybersecurity in the medical technology ecosystem in a paper that argues for industry-specific legislation.
- The trade group outlines three areas of discussion, starting with its belief that medtech security should be regulated under sectoral legislation such as the Medical Devices Regulation (MDR) and In Vitro Diagnostic Medical Devices Regulation (IVDR).
- Other parts of the paper address MedTech Europe’s preferred approach for tackling ransomware and support for actions to improve digital literacy in general and cybersecurity skills in particular.
Dive Insight:
More connected medical devices have increased the risk that hackers will access confidential data or gain the ability to modify technologies in ways that put patients at risk. As the risks increase, medical device manufacturers “continue to invest significant resources in guaranteeing state of the art cybersecurity for all their products and services,” the trade group wrote.
Other groups, including legislators and regulators, also play a role in protecting devices and data. The position paper covers how the groups can work together, calling for a multi-stakeholder approach to ransomware and for investment in education and training in cybersecurity.
MedTech Europe argues that MDR and IVDR “should remain the primary avenue to providing state of the art cybersecurity of digital medical technologies and services.” The paper goes on to explain that the medtech industry itself “has an integral role to play in creating a more resilient shared healthcare ecosystem.”
The trade group’s case for continuing to rely on MDR and IVDR rests on the claim that the regulations “wholly account for cybersecurity throughout a medical device’s lifecycle.” Given that the regulations “lay out comprehensive, essential requirements for digital medical technologies and services” and the Medical Devices Coordination Group has provided guidance, MedTech Europe sees sectoral legislation as sufficient.
Some European Union legislation already covers multiple industries and MedTech Europe supports those existing initiatives. For example, the trade group said the latest version of the Network and Information Security directive provides a basis for “manufacturers to comprehend and implement the range of cybersecurity and data protection requirements across the entirety of a medical device’s lifecycle.”
Updates to clarify that MedTech Europe supports sector-specific cybersecurity regulation for Europe’s medtech industry, and argues that medical technology products should not be regulated via pan-industry legislation.