From the EU MDCG 2019-16 Guidance on Cybersecurity for medical devices, December 2019 , this is the guidance on foreseeable risks. Medical device manufacturers should ensure that a medical device is designed and manufactured in a way that ensures that the risks associated with reasonably foreseeable environmental conditions are removed or minimised. This may include the infield monitoring of the software’s vulnerabilities and the possibility to perform a device update (outside the context of a field safety corrective action) through, for example delivering patches to ensure the continued security of the device. During the risk management process, the manufacturer should foresee or evaluate the potential exploitation of those vulnerabilities that may be a result of reasonably foreseeable misuse. This, however, may depend on the specific situation. For example, using an unsecured memory-stick to enter data into a medical IT system can be considered “reasonably foreseeabl...
Thoughts and Ideas of a working software engineer. Observations of the oft-forgotten, but painfully obvious. Remember: Experience pays, and experience costs.