January 7th, 2020, the Medical Device Coordination Group (MDCG) released a new guidance, MDCG 2019-16, on cybersecurity for medical devices. This document is intended to provide manufacturers with guidance on how to fulfil all the relevant “General Safety and Performance Requirements” set out in Annex I of the Regulation on medical devices 745/2017 (MDR) and Regulation on in-vitro diagnostic medical devices 746/2017 (IVDR) with regard to cybersecurity.
The guidance also provides for considerations concerning expectations from actors other than manufacturers. It also provides a description of other EU and global pieces of legislation and guidance that are relevant to the domain of cybersecurity for medical devices and IVDs in an Annex.
What does this mean to you?
All manufacturers of devices that are subject to the “GSPR” on IT security and cybersecurity, or subject to requirements regarding privacy and confidentiality of data associated with the use of MDs/IVDs that may be outside the scope of the MDR/IVDR but that are subject to other legislations should carefully read the MDCG 2019-16 to understand how to appropriately address both their pre- and post-market responsibilities.
Should you want to discuss this more in depth with one of our consultants, please do not hesitate to get in touch with us.