The Role of Cybersecurity in Medical Devices Regulation: Future Considerations and Solutions
The cybersecurity of medical devices is paramount in a world where everything is increasingly digitised. Attention to how this important defence against malicious actors is regulated must, therefore, also increase. This paper uncovers how the cybersecurity of medical devices is currently regulated a...
Main Author: | |
---|---|
Format: | Article |
Language: | English |
Published: |
Queensland University of Technology
2023-11-01
|
Series: | Law, Technology and Humans |
Subjects: | |
Online Access: | https://lthj.qut.edu.au/article/view/3080 |
_version_ | 1797509341213884416 |
---|---|
author | Kaspar Rosager Ludvigsen |
author_facet | Kaspar Rosager Ludvigsen |
author_sort | Kaspar Rosager Ludvigsen |
collection | DOAJ |
description | The cybersecurity of medical devices is paramount in a world where everything is increasingly digitised. Attention to how this important defence against malicious actors is regulated must, therefore, also increase. This paper uncovers how the cybersecurity of medical devices is currently regulated and how it can be improved going forward. First, the paper compares the regulation of medical device cybersecurity in the European Union, the United States and the United Kingdom (UK)—differentiating between Great Britain and Northern Ireland as per the current state of the law in the UK. Second, the paper develops a model of how cybersecurity shapes three key areas in the ecosystem of medical devices. These areas are the medical device itself; the structure between the surrounding institutional systems (such as manufacturers and healthcare providers); and the security of the data, the surrounding institutional system and the medical device. Third, based on a comparative analysis and a view of the system from above, the paper puts forward four recommendations on what future regulation should contain to properly regulate the cybersecurity of medical devices: technology specificity, circumvention protection, genuine privacy and security by design. The paper recommends that these four principles be followed. Technology specificity because it guarantees legislation that understands the necessary technical aspects to promote security and safety. Circumvention protection because preventing manufacturers and others from circumventing these requirements decreases risks to the health and wellbeing of patients. Finally, genuine privacy and security by design should be followed to align cybersecurity and privacy with current and future technical capacities. |
first_indexed | 2024-03-10T05:16:21Z |
format | Article |
id | doaj.art-fd33f6191b814e8091a9249f86622c89 |
institution | Directory Open Access Journal |
issn | 2652-4074 |
language | English |
last_indexed | 2024-03-10T05:16:21Z |
publishDate | 2023-11-01 |
publisher | Queensland University of Technology |
record_format | Article |
series | Law, Technology and Humans |
spelling | doaj.art-fd33f6191b814e8091a9249f86622c892023-11-23T00:27:36ZengQueensland University of TechnologyLaw, Technology and Humans2652-40742023-11-0152597710.5204/lthj.30803403The Role of Cybersecurity in Medical Devices Regulation: Future Considerations and SolutionsKaspar Rosager Ludvigsen0https://orcid.org/0000-0001-7243-2548University of EdinburghThe cybersecurity of medical devices is paramount in a world where everything is increasingly digitised. Attention to how this important defence against malicious actors is regulated must, therefore, also increase. This paper uncovers how the cybersecurity of medical devices is currently regulated and how it can be improved going forward. First, the paper compares the regulation of medical device cybersecurity in the European Union, the United States and the United Kingdom (UK)—differentiating between Great Britain and Northern Ireland as per the current state of the law in the UK. Second, the paper develops a model of how cybersecurity shapes three key areas in the ecosystem of medical devices. These areas are the medical device itself; the structure between the surrounding institutional systems (such as manufacturers and healthcare providers); and the security of the data, the surrounding institutional system and the medical device. Third, based on a comparative analysis and a view of the system from above, the paper puts forward four recommendations on what future regulation should contain to properly regulate the cybersecurity of medical devices: technology specificity, circumvention protection, genuine privacy and security by design. The paper recommends that these four principles be followed. Technology specificity because it guarantees legislation that understands the necessary technical aspects to promote security and safety. Circumvention protection because preventing manufacturers and others from circumventing these requirements decreases risks to the health and wellbeing of patients. Finally, genuine privacy and security by design should be followed to align cybersecurity and privacy with current and future technical capacities.https://lthj.qut.edu.au/article/view/3080medical devicescybersecuritypolicytechnology regulationeu law |
spellingShingle | Kaspar Rosager Ludvigsen The Role of Cybersecurity in Medical Devices Regulation: Future Considerations and Solutions Law, Technology and Humans medical devices cybersecurity policy technology regulation eu law |
title | The Role of Cybersecurity in Medical Devices Regulation: Future Considerations and Solutions |
title_full | The Role of Cybersecurity in Medical Devices Regulation: Future Considerations and Solutions |
title_fullStr | The Role of Cybersecurity in Medical Devices Regulation: Future Considerations and Solutions |
title_full_unstemmed | The Role of Cybersecurity in Medical Devices Regulation: Future Considerations and Solutions |
title_short | The Role of Cybersecurity in Medical Devices Regulation: Future Considerations and Solutions |
title_sort | role of cybersecurity in medical devices regulation future considerations and solutions |
topic | medical devices cybersecurity policy technology regulation eu law |
url | https://lthj.qut.edu.au/article/view/3080 |
work_keys_str_mv | AT kasparrosagerludvigsen theroleofcybersecurityinmedicaldevicesregulationfutureconsiderationsandsolutions AT kasparrosagerludvigsen roleofcybersecurityinmedicaldevicesregulationfutureconsiderationsandsolutions |