Cybersecurity

Article

The EU Court’s Schrems II judgement – urgent revisiting of international personal data transfer mechanisms required

Wasn’t the MDR about More Data Required, and the same for the IVDR? Aren’t more and more devices running software that processes patient and user data? Isn’t the medical devices industry a very international business? Indeed – so the ability for companies working with the MDR and IVDR to transfer personal data internationally for all […]

Article

The MDCG cybersecurity guidance – a helpful rush job

It has been some time since the MDCG guidance on cybersecurity for medical devices was released (MDCG 2019-16 December 2019), so everybody has probably had the opportunity to get used to the document by now. While the document is by no means ideal or even flawless (congratulations MDCG on a glaring spelling mistake in the […]

Article

ENISA updates its Good Practice Guide

The European Union Agency for Network and Information Security (‘ENISA’) published an updated version of its National Cyber Security Strategy Good Practice Guide (‘the Guide’) on 14 November 2016, which includes a…

Article

Vulnerability disclosure: ENISA’s guide and the Dutch approach

Huge numbers of cyber attacks exploit vulnerabilities in computer-based systems and yet vulnerability disclosure is not a straightforward matter, as the discoverer of a vulnerability could face legal risk if they report…

Article

‘Privacyschild’ nieuwe basis voor gegevensoverdracht EU – VS?

Vorige week schreef ik dat er nog geen akkoord was omtrent een nieuw regime voor de uitwisseling van persoonsgegevens tussen de VS en de EU. Tijdens de bijeenkomst van de Artikel 29-werkgroep…

Article

More on EU medical devices cybersecurity regulation

In a previous post I promised more on cybersecurity, so here it is. Spoiler alert: the conclusion of this post is that cyber security requirements for medical devices in Europe are currently…

Article

In, on and near body networks EU regulation

I had the pleasure of being invited to speak at the Health IT forum at the MEDICA conference last week on regulation of in, on and near body networks. Most of my…

Article

FDA's draft guidance on cybersecurity: nothing exciting but useful examples

These days I am more and more involved in medical devices software matters: interesting questions about modularisation, whether or not EHRs are medical devices in Europe and negotiation of systems integration agreements…

Navigate through our knowledgebase