In last week’s webinar, Alex Denoon, Marc Dautlich and Charlie Hawes, alongside expert panellists from Aon’s Cyber Solutions team, discussed the Medical Device Co-ordination Group’s Guidance on cyber security for medical devices.
Key discussion points:
- Notified Bodies and regulators will use the Guidance to evaluate cyber security arrangements for the foreseeable future – the Guidance is non-binding, but will be treated as gospel
- All stakeholders in the supply chain (not just manufacturers) have a role in ensuring the cyber security of Medical Devices – the concept of “joint responsibility” permits manufacturers to flow new cyber obligations through the supply chain to unrelated parties
- Compliance will require proactive re-evaluation of existing cyber security arrangements and related legal documentation – revisit QAs/IFUs/contracts
- Determining appropriate security measures requires a careful risk assessment – experience and lessons learned from other sectors can help inform the process
- While cyber security is demanding and a continuous obligation, technical and legal solutions are available – testing, governance and incident response, supported by clear contractual obligations, are vital