On Medical Device Cybersecurity Compliance in EU
- URL: http://arxiv.org/abs/2103.06809v1
- Date: Thu, 11 Mar 2021 17:26:06 GMT
- Title: On Medical Device Cybersecurity Compliance in EU
- Authors: Tuomas Granlund, Juha Vedenpää, Vlad Stirbu and Tommi Mikkonen
- Abstract summary: We review the new cybersecurity requirements in the light of currently available guidance documents.
We argue that these core concepts form a foundation for cybersecurity compliance in the European Union regulatory framework.
- Score: 4.3695508295565775
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The medical device products on the European Union market must be safe and
effective. To ensure this, medical device manufacturers must comply with the new
regulatory requirements brought by the Medical Device Regulation (MDR) and the
In Vitro Diagnostic Medical Device Regulation (IVDR). In general, the new
regulations increase regulatory requirements and oversight, especially for
medical software, and this is also true for requirements related to
cybersecurity, which are now explicitly addressed in the legislation. The
significant legislation changes currently underway, combined with increased
cybersecurity requirements, create unique challenges for manufacturers to
comply with the regulatory framework. In this paper, we review the new
cybersecurity requirements in the light of currently available guidance
documents, and pinpoint four core concepts around which cybersecurity
compliance can be built. We argue that these core concepts form a foundation
for cybersecurity compliance in the European Union regulatory framework.
Related papers
- Transforming Medical Regulations into Numbers: Vectorizing a Decade of Medical Device Regulatory Shifts in the USA, EU, and China [3.8657431480664717]
Navigating the regulatory frameworks that ensure the safety and efficacy of medical devices can be challenging.
These frameworks often require redundant testing, slowing down the process of getting innovations to patients.
arXiv Detail & Related papers (2024-11-01T13:25:14Z)
- Law-based and standards-oriented approach for privacy impact assessment in medical devices: a topic for lawyers, engineers and healthcare practitioners in MedTech [0.0]
The adoption of non-binding standards like ISO and IEC can harmonize processes by enhancing accountability privacy by design.
The study advocates for leveraging both hard law and standards to systematically address privacy and safety in the design and operation of medical devices.
arXiv Detail & Related papers (2024-09-18T09:56:19Z)
- RegNLP in Action: Facilitating Compliance Through Automated Information Retrieval and Answer Generation [51.998738311700095]
Regulatory documents, characterized by their length, complexity and frequent updates, are challenging to interpret.
RegNLP is a multidisciplinary subfield aimed at simplifying access to and interpretation of regulatory rules and obligations.
ObliQA dataset contains 27,869 questions derived from the Abu Dhabi Global Markets (ADGM) financial regulation document collection.
arXiv Detail & Related papers (2024-09-09T14:44:19Z)
- Beyond One-Time Validation: A Framework for Adaptive Validation of Prognostic and Diagnostic AI-based Medical Devices [55.319842359034546]
Existing approaches often fall short in addressing the complexity of practically deploying these devices.
The presented framework emphasizes the importance of repeating validation and fine-tuning during deployment.
It is positioned within the current US and EU regulatory landscapes.
arXiv Detail & Related papers (2024-09-07T11:13:52Z)
- Evaluating the Role of Security Assurance Cases in Agile Medical Device Development [2.9790563467999247]
Cybersecurity issues in medical devices threaten patient safety and can cause harm if exploited.
Standards and regulations require vendors of such devices to provide an assessment of the cybersecurity risks as well as a description of their mitigation.
Security assurance cases (SACs) capture these elements as a structured argument.
arXiv Detail & Related papers (2024-07-10T14:34:53Z)
- Navigating the road to automotive cybersecurity compliance [39.79758414095764]
The automotive industry is compelled to adopt robust cybersecurity measures to safeguard both vehicles and data against potential threats.
The future of automotive cybersecurity lies in the continuous development of advanced protective measures and collaborative efforts among all stakeholders.
arXiv Detail & Related papers (2024-06-29T16:07:48Z)
- The risks of risk-based AI regulation: taking liability seriously [46.90451304069951]
The development and regulation of AI seems to have reached a critical stage.
Some experts are calling for a moratorium on the training of AI systems more powerful than GPT-4.
This paper analyses the most advanced legal proposal, the European Union's AI Act.
arXiv Detail & Related papers (2023-11-03T12:51:37Z)
- CyMed: A Framework for Testing Cybersecurity of Connected Medical Devices [0.18416014644193066]
Connected Medical Devices (CMDs) have a large impact on patients as they allow them to lead a more normal life.
There are many safety regulations which must be adhered to prior to a CMD entering the market.
While many detailed safety regulations exist, there is a fundamental lack of cybersecurity frameworks applicable to CMDs.
This paper describes a framework, CyMed, to be used by vendors and end-users, which contains concrete measures to improve the resilience of CMDs against cyber attack.
arXiv Detail & Related papers (2023-10-05T15:05:16Z)
- On Medical Device Software CE Compliance and Conformity Assessment [4.910937238451484]
Manufacturing of medical devices is strictly controlled by authorities.
Manufacturers must conform to the regulatory requirements of the region in which a medical device is being marketed for use.
In general, these requirements make no difference between the physical device, embedded software running inside a physical device, or software that constitutes the device in itself.
arXiv Detail & Related papers (2021-03-11T17:35:40Z)
- I-Health: Leveraging Edge Computing and Blockchain for Epidemic Management [36.55809341110476]
Epidemic situations demand intensive data collection and management from different locations/entities within a strict time constraint.
This paper proposes an Intelligent-Health (I-Health) system that aims to aggregate diverse e-health entities in a unique national healthcare system.
In particular, we design an automated patients monitoring scheme, at the edge, which enables the prompt discovery, remote monitoring, and fast emergency response.
arXiv Detail & Related papers (2020-12-18T23:41:00Z)
- Regulation conform DLT-operable payment adapter based on trustless - justified trust combined generalized state channels [77.34726150561087]
Economy of Things (EoT) will be based on software agents running on peer-to-peer trustless networks.
We give an overview of current solutions that differ in their fundamental values and technological possibilities.
We propose to combine the strengths of the crypto based, decentralized trustless elements with established and well regulated means of payment.
arXiv Detail & Related papers (2020-07-03T10:45:55Z)
This list is automatically generated from the titles and abstracts of the papers in this site.