IMDRF Flags Lack of Global Alignment in Cybersecurity

Devicemakers should assess cybersecurity risks throughout the product lifecycle, the International Medical Device Regulators Forum (IMDRF) says, in a new draft guidance that calls for “convergence of global healthcare cybersecurity principles and practices.”

The “current disparate regulations across governments lack the global alignment needed to ensure medical device cybersecurity,” IMDRF says.

Legacy devices are a particular concern as they can’t reasonably be protected against current cybersecurity threats, the forum said, adding that devicemakers should continue to monitor legacy devices for critical vulnerabilities and provide a “best-effort response” and maintain ongoing risk documentation.