The document provides guidelines for the cybersecurity approval and review of medical devices, focusing on ensuring the safety and effectiveness of both wireless and wired communication. It highlights the following key aspects:
- Scope and Regulatory Framework:
- Medical devices are regulated under the Medical Devices Act.
- In vitro diagnostic medical devices fall under the Device Act.
- Digital medical devices are governed by the Digital Medical Products Act.
- Key Security Principles:
- Availability, Confidentiality, and Integrity: These are critical in maintaining device safety and effectiveness.
- Robust Security Measures:
- Notification of potential defects.
- Consideration of potential harm, communication method, and environment.
- Submission of verification data for cybersecurity safety.
- Identification Management:
- Unique and unambiguous management of identification information.
- Use of standardized encryption algorithms and recommended protocols.
- Ensuring non-repudiation and integrity of device software.
- Safety and Performance Considerations:
- Basic safety, performance, and operational availability are essential for medical devices.
- The development of wireless and wired communication devices increases cybersecurity threats, necessitating the implementation of strong security measures.
- Password Management:
- Password strength and combination rules must be enforced.
- Authentication processes should not reveal sensitive information through feedback.
These guidelines emphasize the importance of robust security frameworks to mitigate potential cybersecurity risks in medical devices, ensuring their safe operation and protecting patient data.
Source: https://www.mfds.go.kr/brd/m_1060/view.do?seq=15625&srchFr=&srchTo=&srchWord=&srchTp=&itm_seq_1=0&itm_seq_2=0&multi_itm_seq=0&company_cd=&company_nm=&Data_stts=A&page=1
Region: South Korea
Meet Freya
January 2025
