Webinar: Medical device regulation (MDR) and cyber security


In last week’s webinar, Alex Denoon, Marc Dautlich and Charlie Hawes alongside expert panellists from Aon’s Cyber Solutions team, discussed the Medical Device Co-ordination Group’s Guidance on cyber security for medical devices.

Key discussion points:
  • Notified Bodies and regulators will use the Guidance to evaluate cyber security arrangements for the foreseeable future – the Guidance is non-binding, but will be treated as gospel
  • All stakeholders in the supply chain (not just manufacturers) have a role in ensuring the cyber security of Medical Devices – the concept of “joint responsibility” permits manufacturers to flow new cyber obligations through the supply chain to unrelated parties
  • Compliance will require pro-active re-evaluation of existing cyber security arrangements and related legal documentation – revisit QAs/IFUs/contracts
  • Determining appropriate security measures requires a careful risk assessment – experience and lessons learned from other sectors can help inform the process
  • While cyber security is demanding and a continuous obligation, technical and legal solutions are available – testing, governance, incident response supported by clear contractual obligations are vital

Alex Denoon


Marc Dautlich


Charlie Hawes