In line with the cybersecurity approach proposed by the US FDA, Health Canada issued the first draft of a guideline entitled “Pre-market Requirements for Medical Device Cybersecurity ” containing the proposed requirements for Medical Device Applications Licenses (MDAL) relating to Medical Devices consisting of or containing software.

Health Canada believes that, to demonstrate the safety and efficacy of Medical Devices that are potentially vulnerable to cyber-attacks, manufacturers must consider various aspects of cybersecurity and implement them from the design phase and throughout the entire life cycle.

Important aspects of the cybersecurity strategy proposed for Medical Devices in the aforementioned guideline concern recommendations on safe design, management of specific device risk, verification and validation and monitoring and responding to emerging risks.

The cybersecurity requirements to be provided in the Medical Device License Applications (MDAL) concern the labelling (and the traceability of all components), the history of any recall of the device, the risk assessment involving the use of the device, as well as safety and efficacy requirements: applied standards, cybersecurity tests performed on the device, the design inputs and outputs traceability matrix and the post-market actions plan undertaken by the manufacturer to guarantee the device safety and efficacy throughout its entire life cycle.

The draft of the aforementioned guideline is currently under consultation, therefore medical device manufacturers and other stakeholders are invited to provide their feedback by February 5th, 2019.