AnMedPro

Requirements for manufacturers of networked medical devices

As digitalization advances in the healthcare sector, the networking of medical devices is becoming increasingly important. An illustrative example is the development of implantable pacemakers that communicate with a monitoring system. This progress gives medical staff detailed insight into the care of those affected.

These advantages of networked medical devices are offset by considerable risks. The example of networked insulin pumps shows that the required connectivity creates potential attack vectors that must be taken into account: attackers could, for example, intercept radio signals from an insulin pump or send manipulated radio signals to it. Preventing such attacks and a compromise of this interface requires technical measures, which must be considered early in the development phase of a medical device.

The increasing vulnerability of medical devices to cyberattacks results from their integration into information and telecommunications networks (see also Project ManiMed). Missing encryption, insecure authentication methods and insufficiently protected communication channels can open the door to potentially devastating attacks. The manipulation of medical data is particularly worrying, as it not only shakes confidence in the security of such systems, but can also endanger the care of those affected.

The reasons for the insufficient implementation of cybersecurity measures for medical devices are multifaceted. Manufacturers of connected medical devices (hereafter “manufacturing companies”) are under pressure to meet numerous regulatory requirements while rapidly bringing innovative products to market. In addition, knowledge and awareness of cybersecurity vary significantly across the industry. The complexity of these challenges is further increased by the need to consider the entire life cycle of medical devices. This includes design, development and implementation, as well as safe operation, maintenance and decommissioning.

To sum up, ensuring cybersecurity for connected medical devices is a complex and extensive challenge that goes far beyond traditional cybersecurity measures, due to the particular sensitivity of the data and the direct impact on the people being treated. Ensuring the functional safety of the devices and their availability is the highest priority. However, the protection of the data of the treated persons is also of great importance. There are numerous norms, standards and guidelines to help ensure functional safety, cybersecurity and data protection of connected medical devices.