Cybersecurity according to Medical Device Regulation (MDR) 2017/745 and In Vitro Diagnostics Regulations (IVDR) (EU) 2017/746

Medical Device Software Uncertainties

General Background

Cybersecurity in Medical Device Software

The European Union’s Medical Devices Regulation (EU MDR) has several cybersecurity considerations for medical device manufacturers. These considerations are aimed at ensuring the security and privacy of patient data and protecting against cyber threats that could compromise the safety and performance of medical devices.

Some of the cybersecurity considerations of the EU MDR are:

Additionally, MDCG 2019-16 is a guidance document published by the European Commission’s Medical Device Coordination Group (MDCG) that provides recommendations on the cybersecurity of medical devices. The guidance is intended to help manufacturers, notified bodies, and other stakeholders understand the cybersecurity requirements of the EU MDR and EU IVDR. MDCG 2019-16 lays out the eight most necessary processes that should be in place for an in-depth defense strategy throughout the device’s lifecycle:

Security management

Defense strategy

  • Security guidelines

  • Security requirements

  • Secure by design

  • Secure implementation

  • Security validation and verification testing

  • Management of security-related issues

  • Security update management

Manufacturers are expected to provide product specifications related to recommended cybersecurity controls appropriate for the intended use environment, device features that protect critical functionality, a description of backup and restore features, infrastructure requirements, secure configurations, and the list of network ports and other interfaces.

The holistic cybersecurity strategy is documented in the risk management file.

Support & Training

Contact AKRA TEAM for support, hands-on implementation services, and personalized training by experts with key competencies in the areas listed below.

Key points

Manufacturers should consider the following principles:

  1. Confidentiality of information at rest and in transit.

  2. Integrity to ensure information authenticity and accuracy.

  3. Availability of the processes, devices, data, and connected systems.

  4. Strategy and implementation of data protection, privacy, and prevention of unauthorized access, and setting the minimum requirements for IT network characteristics and IT security measures.

  5. The extent of the security measures.

Our Services


AKRA TEAM offers training on cybersecurity to meet the expectations of EU MDR and EU IVDR. This will ensure that your personnel have the appropriate training, knowledge, and qualifications to implement a cybersecurity system for your device.

Process and Templates Development

AKRA TEAM can assist in creating the required processes to ensure conformity, as well as creating appropriate templates to support compliance with the cybersecurity requirements.

Gap Assessment

AKRA TEAM can evaluate and assess the quality, completeness, and conformity of the relevant documents. Documentation will be compared against cybersecurity requirements to ensure conformity of the product(s). AKRA TEAM will rank risks from high to low while offering mitigations to close any identified gaps.


AKRA TEAM helps in defining the ideal regulatory strategy for implementing the extent of security control, IT security measures, and data protection. AKRA TEAM can also help in creating the required documentation and assist during conformity assessment.

Continuous update of documentation

AKRA TEAM additionally offers solutions for continuous documentation updates and review of cybersecurity documentation. AKRA TEAM will schedule and revise documentation at defined intervals to ensure regulatory compliance is maintained.
