China’s first cybersecurity law came into effect in this year, bringing with it new requirements and protections. The medtech industry should take note of its impact on connected devices.
The cybersecurity of connected medical devices is important because of the sensitive personal nature of data collected, transmitted and processed through them. Medical device cybersecurity is also important because patient’s health could be in jeopardy if the device and its data are being interfered with.
The latest cybersecurity guidelines published by CFDA this year covers Type 2 and Type 3 devices that can be (1) connected for data exchanges or remote control or (2) those that use storage media to exchange information. CFDA is likely to make these measures mandatory in the near future.
For CFDA, the cybersecurity measurement of connected devices is focused in the confidentiality, integrity and availability in the entire process from data generation to data consumption by medical devices. When designing data exchange and control functions, device companies now need to consider data types such as patient’s personal information or device’s own data from its operations. CFDA also focuses on the data technology in access, encryption, protection, and response mechanisms. Device manufactures also needs to show that they can control the embed software with adequate monitoring, upgrade, and security protection with tracking mechanism.
China Med Device, LLC, specializing in providing turn-key solutions for medical device medtech companies entry into China, brings you up-to-date information on CFDA and China medical device market moves. CMD provides on-demand services covering Chinese market assessment, CFDA regulatory and approval process, commercialization, device manufacturing and distribution. If you have any feedback, please email us at info@ChinaMedDevice.com or visit us at www.ChinaMedDevice.com.