6/15/2023
Digitalisation
News
TÜV SÜD tests cybersecurity of IVD medical devices
Under the IVDR, manufacturers must demonstrate the cybersecurity of IVD medical devices before placing them on the market. Due to the limited number of Notified Bodies, there may be bottlenecks in the conformity assessment procedures. TÜV SÜD supports manufacturers with comprehensive testing services.
Race for patient safety
The increasingly digital networking of medical infrastructure is leading to complex systems with many different interfaces that are potentially vulnerable to attack. IVD devices require the same cybersecurity consideration as networked medical devices. This includes threat modelling or threat analysis (cybersecurity risk management procedures) with the aim of identifying threats at an early stage and deriving measures from them. The mandatory regulatory basis is the IVDR, Annex I of which contains basic cybersecurity requirements. Further assistance is provided by the MDCG Guidelines of the EU's Medical Device Coordination Group, the position paper of the Notified Bodies, ISO 14971 for the risk management of medical devices, and IEC 81001-5-1 for the security-related activities in the software life cycle.
Five-step approach for best possible safety
The testing organisation has accredited testing laboratories and offers comprehensive testing services for IVD devices and products as well as product-specific cybersecurity tests. Depending on the stage of the product in its life cycle, this comprises five stages:
1. training on standards and regulatory requirements
2. early bird assessment
3. fuzzing
4. vulnerability scanning
5. penetration testing (simulated cyber attack).
The testing organisation also operates the only accredited testing and validation laboratory for IEC TR 60601-4-5. The experts are familiar with the different country-specific regulatory requirements. They support manufacturers in placing their devices and products on the market safely and time-efficiently and also know about the requirements for legally compliant documentation.