EU medical device companies are bound by numerous legislative obligations that ensure devices are cybersecure, but more capital spending on digital literacy is required to safeguard Europe from cyber breaches, says MedTech Europe in its 23 May position paper.

The European Union is inundated with regulations pertaining to cybersecurity and digital safety, from the long-established General Data Protection Regulation (GDPR) to the newly approved Network and Information Security (NIS) 2 and the approaching Cyber Resilience Act (CRA). Medical device companies also have to abide by the cybersecurity procedures laid down by Regulations (EU) 2017/745 and 2017/746 on medical devices and in vitro diagnostic medical devices (MDR and IVDR), as interpreted in the Medical Device Coordination Group's guidance on cybersecurity, document 2019-16, rev 1.

Unfortunately, legislation alone cannot guarantee the success of the EU’s cybersecurity strategy. MedTech Europe is of the opinion that member states should offer cybersecurity education within their national curriculums as a basis for improving digital literacy and cyber expertise. Extra-curricular certificates and continued professional development should also be offered, which will depend on public-private partnerships and investment.

Source: Medtech Insight (an Informa product)
