Understanding the Impact of New EU Cybersecurity Directive on Medical Device Industry

February 28, 2023

As the implementation of medical devices is on the rise, cybersecurity threats have become a pressing concern. In a Med Device Online guest column, John Giantsidis, President of CyberActa, discusses a recent EU directive that is set to change the cybersecurity landscape of the medical device industry: Directive (EU) 2022/2555 (NIS2).

According to Giantsidis, “NIS2 places increased demands on internal cybersecurity risk management. It is important that your organization carries out risk analyses, which act as preventive measures against security threats. Your organization must ensure that it has security measures in place that reduce the consequences and risks of cybersecurity incidents. As part of reducing the consequences of cyber incidents, you must also have a plan for how it will ensure business continuity if your organization is hit by a cyberattack. This includes a plan for the deployment of a crisis team, emergency procedures, and recovery of the affected systems. A NIS2 core requirement is that organizations take the appropriate and proportionate technical, operational, and organizational measures according to the state of the art. The expected starting point is the systematic analysis that considers and evaluates the human factor and the degree of dependency on network and information systems, and the following measures are the minimum requirements to be covered:”

To read more, click here.

(Source: Med Device Online, February 15th, 2023)
