Webinar: Medical device regulation (MDR) and cyber security

29.06.2020 1 hour 10 mins

In last week’s webinar, Alex Denoon, Marc Dautlich and Charlie Hawes alongside expert panellists from Aon’s Cyber Solutions team, discussed the Medical Device Co-ordination Group’s Guidance on cyber security for medical devices.

Key discussion points:
  • Notified Bodies and regulators will use the Guidance to evaluate cyber security arrangements for the foreseeable future – the Guidance is non-binding, but will be treated as gospel
  • All stakeholders in the supply chain (not just manufacturers) have a role in ensuring the cyber security of Medical Devices – the concept of “joint responsibility” permits manufacturers to flow new cyber obligations through the supply chain to unrelated parties
  • Compliance will require pro-active re-evaluation of existing cyber security arrangements and related legal documentation – revisit QAs/IFUs/contracts
  • Determining appropriate security measures requires a careful risk assessment – experience and lessons learned from other sectors can help inform the process
  • While cyber security is demanding and a continuous obligation, technical and legal solutions are available – testing, governance, incident response supported by clear contractual obligations are vital