Medical Devices Cybersecurity Working Group

The IMDRF Cybersecurity Working Group develops guidance to support medical device manufacturers and regulatory authorities in addressing cybersecurity risks across the device lifecycle. The Working Group's current focus is on developing additional recommendations on baseline cybersecurity controls and testing considerations for medical devices, complementing the existing IMDRF N60 guidance. The envisioned guidance aims to uplift cybersecurity hygiene across all medical devices by providing clarity on recommended security controls based on design and capabilities of the device.

Working Group Chair(s)
Guangyi Zhuang
Health Sciences Authority (HSA)
Singapore
Francisco Delgado
Medicines and Healthcare products Regulatory Agency (MHRA)
United Kingdom
Membership
Regulators, Industry, Official Observers, Regional Harmonization Initiatives, Affiliate Members
Status
Current

Work items

Medical Device Cybersecurity Deeper Dive: Development of additional guidance on Cybersecurity Controls and Testing Considerations

This work item develops recommendations on baseline cybersecurity controls and testing considerations, including vulnerability testing, for medical device manufacturers. Guidance is scoped to potential attack vectors so that manufacturers may implement appropriate security controls based on their device's design and connectivity features. The document is intended to complement existing IMDRF cybersecurity guidance