Medical Device Cybersecurity

Safeguard the cybersecurity of your medical devices with SGS training, assessment and certification.

SGS provides training, assessment and certification services to enable manufacturers and hospitals to ensure the cybersecurity of medical devices.

Cybersecurity threats are a major concern for connected medical devices and hospital networks. Advanced services, together with unprecedented levels of efficiency and effectiveness, are the main reasons the healthcare sector is connecting modern medical devices to the internet. However, ubiquitous connectivity brings increased cybersecurity threats.

Worldwide, regulators have taken action to make resilience against cybersecurity threats a baseline requirement for connected medical devices, systems and networks.  

Why choose medical device cybersecurity solutions from SGS?

We offer a portfolio of tailored cybersecurity services to help you:

  • Comply with regulations and corresponding standards
  • Generate evidence and proof that cybersecurity-related risks have been considered, evaluated and mitigated for the complete lifecycle of devices, systems and networks
  • Gain specialized training, assessment and certification with a special focus on the intertwined relationship of cybersecurity and functional safety

Medical device cybersecurity training

Our medical device cybersecurity training includes:

  • Introductory cybersecurity training for medical device manufacturers, introducing the current market situation, incidents, threats and risks, regulation, standards, certifications and best practices
  • Cybersecurity risk management for medical device manufacturers according to ISO 14971, AAMI TIR57 or AAMI SW96
  • Cybersecurity-related post-market activities
  • Secure hardware/software development lifecycle
  • Training on secure design and coding principles, security assessment and testing
  • Communication and network security

Medical device cybersecurity assessment

Our medical device cybersecurity assessments include:

  • Cybersecurity threat and risk analysis for medical devices, hospital networks, policies and processes
  • Security capability maturity assessments for organizations and business processes
  • Security-related gap assessments and design reviews for medical devices covering the complete product lifecycle
  • Review and assessment of applied cybersecurity risk management for medical devices (e.g., according to AAMI TIR57)
  • Vulnerability assessments for hardware and software, as well as network and cloud solutions
  • Customized security assessment and test campaigns in preparation for product approvals (e.g., FDA 510(k) application) and against relevant standards

Medical device cybersecurity certification

We provide medical device cybersecurity certification, such as:

  • Independent conformity assessments against cybersecurity guidance documents issued by the US FDA or issued in connection with the European MDR/IVDR regulations
  • Independent security-related conformity assessments against the standards ISO 14971, AAMI TIR57, AAMI TIR97, AAMI SW96 and UL 2900-2-1
  • Security evaluation and certification according to the upcoming BSZ Certification Scheme governed by the BSI in Germany (in preparation)
  • Security evaluation and certification according to the SESIP scheme suitable for IoT devices governed by GlobalPlatform

Why SGS?

As leading cybersecurity experts, our state-of-the-art SGS cyberlabs around the world provide you with trusted, impartial testing, verification and certification solutions to help you meet the challenges of cybersecurity.

SGS Headquarters

1 Place des Alpes
P.O. Box 2152
1211 Geneva
Switzerland