Medical device regulation (MDR) and cyber security

  • 23/06/20
  • 16:00
  • Webinar

Event Information


Join Alex DenoonMarc Dautlich and Charlie Hawes alongside expert panellists from Aon’s Cyber Security Testing and Cyber Security Advisory teams, as they discuss the Medical Device Co-ordination Group’s Guidance on cyber security for medical devices.

To view the full recording, see our life sciences focused On the Pulse microsite.

Medical device regulation and cyber security

Connected medical devices are now a commonplace feature in hospital networks and a feature of growing importance in much healthcare provision. In hospitals such devices can include x-ray and ultrasound devices, radiology equipment, monitors, and anaesthesia machines.

The MDR, originally scheduled to enter into force in Europe on 26 May 2020, and now deferred by twelve months, contain prescriptive cyber security requirements applicable to medical device manufacturers, healthcare providers and intermediaries in the medical devices supply chain. Draft guidance issued in October 2019 by the International Medical Device Regulators Forum (IMDRF) sets out principles and practices for medical device manufacturers regarding cyber security. The subsequent guidance issued by the Medical Device Coordination Group (MDCG) in Europe, based on the IMDRF guidance, provides additional detail regarding the requirements of the MDR.

The overarching requirement to incorporate cyber security throughout a product’s entire lifecycle, from product design to post-market surveillance, as well as the focus on joint responsibility for cyber security on the part of manufacturers, health care providers and others pose challenges to current manufacturing processes and legal agreements amongst market participants.

In this Bristows webinar, we and our co-presenters Aon will explore:

  • What? – what devices are covered
  • Who? – the interface between manufacturer, systems integrator, operator and end user, and how joint responsibility amongst them may be allocated
  • How? – the requirements for a system for continuous cyber risk management and post-market monitoring of evolving cyber threats. What these requirements mean for you
Guest speaker bios:

Matt leads Engagement Management and Research and Development for Aon’s Security Testing practice in EMEA. He has over 20 years’ experience in cyber security working in both industry and government, where we served as a Science Advisor and an officer in the Royal Corps of Signals. He brings a deep technical understanding of what is required to design, build and break secure systems.

Dan is head of Research and Development for Aon’s Cyber Solutions in the United States, with over 20 years of industry experience. As a leader in Aon’s Security Testing practice, he oversees testing of medical device hardware, software, and related systems for organisations across the life sciences sector.

Andrew leads Aon’s Security Advisory practice in EMEA, working with organisations to help build, deliver, and improve their security programmes.  Andrew has 20+ years’ experience in information security and software engineering, with in-depth consulting experience in financial services, media, arts and on-line gambling sectors.

Please register here.

Key contact

Alex Denoon

Contact