MedSecurance's recommendations for strengthening MDCG 2019-16 Rev.1 Guidance on Cybersecurity for Medical Devices
- Dimitris Petkousis
- Aug 19
Medsecurance’s partners have analysed the critical gaps in the Medical Device Coordination Group (MDCG) 2019-16 Rev. 1 cybersecurity guidance for medical devices and have provided recommendations to strengthen it. The recommendations cover, among others, the following categories: software V&V; clinical evaluation and post-market surveillance; cybersecurity and data privacy; evaluation and certification; AI and ML; interoperability and integration; the process for updates and amendments; case studies and examples; and training and education. They aim to future-proof medical devices against emerging cyber threats while ensuring compliance with EU standards and regulations.
The MDCG is an EU body that provides guidance, including the foundational MDCG 2019-16 Rev. 1 cybersecurity guidance for medical devices. However, the rapid evolution of cyber threats requires proactive updates to these guidelines to ensure patient safety, data integrity, and consistent application of medical device regulations across member states.
As part of the MEDSEC deliverables, Medsecurance’s partners have contributed to the enhancement of the MDCG 2019-16 Rev.1 guidance on cybersecurity for medical devices by carrying out a gap analysis and offering a set of practical recommendations. Our contributions aim to make the guidance more accessible and actionable, particularly for manufacturers of connected and smart medical devices, who are working to meet the requirements of the EU Medical Device Regulation (MDR) and the In Vitro Diagnostic Regulation (IVDR).
Using a structured Threat, Vulnerability and Risk Analysis (TVRA) tool, Medsecurance partners systematically reviewed the current guidance and identified key areas where additional clarity and specificity could improve its utility. For example, manufacturers developing Internet of Medical Things (IoMT) devices, such as wearable health monitors or cloud-connected insulin pumps, often face difficulties interpreting general security recommendations in the context of rapidly evolving technologies. The project’s recommendations address this by introducing more detailed, use-case-driven guidance that supports consistent implementation across different device types.
The project developed a harmonised framework that unifies safety and cybersecurity assurance. This includes the use of a shared ontology tool that maps various standards and certification requirements. For instance, by aligning ISO 27001 with IEC 62304, manufacturers can better understand how to meet overlapping obligations without duplication of effort. Recognising that manufacturers must now meet higher expectations around clinical evidence, post-market surveillance, and Unique Device Identification (UDI) systems, the project is also creating automation tools to ease the compliance burden. These assurance tools (based on formal security ontologies and software interoperability contracts) are designed to streamline documentation and verification processes.
Medsecurance partners observed that variations in how notified bodies interpret MDCG guidance can lead to inconsistent approval outcomes. To address this, the consortium is drafting recommendations that promote more precise alignment between guidance and regulatory review practices, reducing ambiguity and increasing predictability for manufacturers.
Through these multifaceted contributions, ranging from technical tools to strategic recommendations, Medsecurance not only reinforces the MDCG guidance but also helps the broader medical device industry adapt to a rapidly changing regulatory and technological landscape.
To strengthen MDCG 2019-16, the MedSecurance project proposes targeted updates focused on clarity, consistency, and practical implementation. First, terminology should be aligned with established standards (e.g., ISO/IEC 27000, ISO 14971) to clearly distinguish between safety and cybersecurity risks. A glossary and visual taxonomy would facilitate a shared understanding among stakeholders.
The guidance should expand on lifecycle security by requiring continuous risk monitoring, runtime integrity checks, and clearly defined re-certification triggers for vulnerabilities. Secure-by-design principles should be operationalised through the adoption of secure development lifecycle (SDLC) models, such as IEC 62443-4-1, which includes threat models and architectural diagrams.
Verification and validation processes need specificity. Mandating static/dynamic testing, fuzzing, and traceability matrices can ensure adequate security coverage, especially for high-risk devices. Additionally, stakeholder roles must be clarified through tools like Responsible, Accountable, Consulted, and Informed (RACI) matrices and operator checklists.
Post-market surveillance should incorporate threat intelligence feeds and align with ISO/IEC 30111 and 29147 to systematically handle vulnerabilities. Minimum security requirements for operating environments (e.g., access control, network segmentation) should also be defined, with practical use-case examples.
Secure interoperability must be addressed using standards such as FHIR over TLS 1.3 and DICOM with digital signatures. Guidance should include support for GDPR-compliant data handling and provenance tracking. Finally, machine-readable security assurance, using formats such as Goal Structuring Notation (GSN) or the Structured Assurance Case Metamodel (SACM), will support automation, reuse, and alignment with future EU cybersecurity certification schemes.
These recommendations aim to make MDCG 2019-16 more actionable and robust, especially for developers of connected, AI-enabled, and high-risk medical device software.
Medsecurance’s partners’ initial recommendations can play a pivotal role in driving the MDCG guidance’s success and uptake by delivering tangible benefits across several key areas:
Improved Regulatory Clarity and Consistency Across Stakeholders: By aligning definitions, roles, and lifecycle expectations with international standards, the recommendations ensure that manufacturers, healthcare providers, and developers share a common understanding. This consistency reduces interpretation errors, accelerates certification processes, and enhances compliance, particularly for complex technologies such as AI-enabled or networked devices.
Strengthened End-to-End Security and Resilience: The inclusion of lifecycle-based security, dynamic risk assessment, post-market surveillance, and structured vulnerability handling ensures that cybersecurity and patient safety are maintained throughout the device’s lifespan. This proactive and continuous approach significantly enhances the medical sector’s resilience to emerging threats, particularly in environments utilising the Internet of Medical Things (IoMT).
Enhanced Support for Innovation Without Compromising Safety: By providing clear guidance on interoperability, secure development, AI validation, and automation tools (e.g., machine-readable assurance), the recommendations reduce uncertainty for innovators. This enables the faster and safer adoption of new technologies in clinical settings, supporting both technological advancement and patient protection in a rapidly evolving healthcare landscape.
In the rapidly evolving landscape of connected healthcare, MDCG guidance plays a crucial role in ensuring the security of IoMT devices. However, to safeguard patient safety and data integrity, it must evolve into a living framework, capable of guiding the verification, validation, and oversight of increasingly intelligent, interoperable, and connected medical technologies.
Dr Gregory Epiphaniou