
Medical Device Cybersecurity Regulations
Overview
By regulatory body
The FDA is responsible for protecting public health by assuring the safety, security, and cyber resilience of the medical devices people rely on every day. Acting upon the power granted by the US Congress, the Food and Drug Administration continuously introduces new standards and guidelines to keep up with the breakneck speed of innovation.
The EC (European Commission) enhances competitiveness while ensuring the safety and performance of medical devices. To achieve this, the Commission relies on public input to maintain industry growth within cyber-secure boundaries.
The National Institute of Standards and Technology (NIST), founded in 1901, is tasked with promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. Its authorization has since expanded to include cybersecurity frameworks, which are compiled from industry standards, guidelines, and practices.
ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) are separate, independent, non-governmental international organizations that bring together experts to share knowledge. Their joint standard on information security systems allows for a more trustworthy internet where data can be shared without threat of leakage or prying eyes.
The International Medical Device Regulation Forum was established in 2011, consisting of regulators from Australia, Brazil, Canada, China, the EU, Japan, the US, and the World Health Organization (WHO). While its documents are not legislative authorizations, they are held as a global cybersecurity standard that the medical device ecosystem must follow.