{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T12:15:50Z","timestamp":1765196150259,"version":"3.46.0"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031948541"},{"type":"electronic","value":"9783031948558"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-94855-8_21","type":"book-chapter","created":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T05:51:19Z","timestamp":1749793879000},"page":"324-337","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Strengthening the\u00a0MDCG Guidance on\u00a0Cybersecurity for\u00a0Medical Devices: A Legal Approach"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3015-9720","authenticated-orcid":false,"given":"Oguzhan","family":"Yesiltuna","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1621-1036","authenticated-orcid":false,"given":"Ruoxin","family":"Su","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1249-9323","authenticated-orcid":false,"given":"Ashwinee","family":"Kumar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6243-765X","authenticated-orcid":false,"given":"Paul","family":"Quinn","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,6,14]]},"reference":[{"key":"21_CR1","unstructured":"EU: Regulation (EU) 2017\/745 of the European Parliament and of the Council of 5 April 2017 on medical devices, amending Directive 2001\/83\/EC, Regulation (EC) No 178\/2002 and Regulation (EC) No 1223\/2009 and repealing Council Directives 90\/385\/EEC and 93\/42\/EEC (Text with EEA relevance) (2017)"},{"key":"21_CR2","unstructured":"EU: Regulation (EU) 2017\/746 of the European Parliament and of the Council of 5 April 2017 on in vitro diagnostic medical devices and repealing Directive 98\/79\/EC and Commission Decision 2010\/227\/EU (Text with EEA relevance) (2017)"},{"key":"21_CR3","unstructured":"Medical Device Coordination Group: MDCG 2019-16 Guidance on cybersecurity for medical devices (Rev. 1) (2019)"},{"key":"21_CR4","doi-asserted-by":"publisher","unstructured":"Pycroft, L., Aziz, T. Z.: Security of implantable medical devices with wireless connections: the dangers of cyber-attacks. Expert Rev. Med. Dev. 15(6), 403\u2013406 (2018). https:\/\/doi.org\/10.1080\/17434440.2018.1483235","DOI":"10.1080\/17434440.2018.1483235"},{"key":"21_CR5","doi-asserted-by":"publisher","unstructured":"Williams, P.A., Woodward, A.J.: Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Med. Dev. Evid. Res. 8, 305\u2013316 (2015). https:\/\/doi.org\/10.2147\/MDER.S50048","DOI":"10.2147\/MDER.S50048"},{"key":"21_CR6","unstructured":"WHO: WHO Director-General\u2019s remarks at Meeting of the UN Security Council on threats posed by ransomware attacks against hospitals and other health-care facilities and services (2024)"},{"key":"21_CR7","unstructured":"EC: Commission unveils action plan to protect the health sector from cyberattacks (2025)"},{"key":"21_CR8","doi-asserted-by":"publisher","unstructured":"Freyer, O., Jahed, F., Ostermann, M., Rosenzweig, C., Werner, P., Gilbert, S.: Consideration of cybersecurity risks in the benefit-risk analysis of medical devices: scoping review. J. Med. Internet Res. 26, e65528 (2024). https:\/\/doi.org\/10.2196\/65528","DOI":"10.2196\/65528"},{"key":"21_CR9","doi-asserted-by":"publisher","unstructured":"Biasin, E., Kamenja\u0161evi\u0107, E.: Regulatory approaches towards AI-based medical device cybersecurity: a transatlantic perspective. Eur. J. Risk Regul., 1\u201311 (2024). https:\/\/doi.org\/10.1017\/err.2024.23","DOI":"10.1017\/err.2024.23"},{"key":"21_CR10","unstructured":"Scherb, C., Hadayah, A., Heitz, L.B.: CyMed: a framework for testing cybersecurity of connected medical devices. http:\/\/arxiv.org\/abs\/2310.03583 (2023)"},{"key":"21_CR11","doi-asserted-by":"publisher","unstructured":"Biasin, E., Ya\u015far, B., Kamenja\u0161evi\u0107, E.: New Cybersecurity Requirements for medical devices in the EU: the forthcoming European health data space, data act, and artificial intelligence act. Law Tech Hum. 5, 43\u201358 (2023). https:\/\/doi.org\/10.5204\/lthj.3068","DOI":"10.5204\/lthj.3068"},{"key":"21_CR12","doi-asserted-by":"publisher","unstructured":"Biasin, E., Kamenja\u0161evi\u0107, E.: Cybersecurity of medical devices: regulatory challenges in the European union. In: Cohen, I.G., Minssen, T., Price Ii, W.N., Robertson, C., Shachar, C. (eds.) The Future of Medical Device Regulation, pp. 51-62. Cambridge University Press (2022). https:\/\/doi.org\/10.1017\/9781108975452.005","DOI":"10.1017\/9781108975452.005"},{"key":"21_CR13","unstructured":"EU: Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation) (2016)"},{"key":"21_CR14","unstructured":"EU: Directive (EU) 2016\/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (NIS Directive) (2016)"},{"key":"21_CR15","doi-asserted-by":"publisher","unstructured":"Taylor, S., et al.: A way forward for the MDCG 2019-16 medical device security guidance. In: Proceedings of the 17th International Conference on PErvasive Technologies Related to Assistive Environments, pp. 593\u2013599. ACM, Crete (2024). https:\/\/doi.org\/10.1145\/3652037.3663894","DOI":"10.1145\/3652037.3663894"},{"key":"21_CR16","unstructured":"Rak, R., Quinn, P.: Enhancing Digital Health Innovation in the EU with Effective Industrial Strategy Policies. Joint Research Centre of the European Commission (2024)"},{"key":"21_CR17","unstructured":"Milojevi\u0107, D.: Is it time to update the Medical Device Coordination Group\u2019s Guidance on Cybersecurity for Medical Devices?. https:\/\/www.law.kuleuven.be\/citip\/blog\/is-it-time-to-update-the-medical-device-coordination-groups-guidance-on-cybersecurity-for-medical-devices\/"},{"key":"21_CR18","doi-asserted-by":"publisher","first-page":"1257","DOI":"10.1111\/1468-0009.12481","volume":"98","author":"IG Cohen","year":"2020","unstructured":"Cohen, I.G., Gerke, S., Kramer, D.B.: Ethical and legal implications of remote monitoring of medical devices. Milbank Q. 98, 1257\u20131289 (2020). https:\/\/doi.org\/10.1111\/1468-0009.12481","journal-title":"Milbank Q."},{"key":"21_CR19","unstructured":"EU: Regulation (EU) 2023\/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017\/2394 and Directive (EU) 2020\/1828 (Data Act) (Text with EEA relevance) (2023)"},{"key":"21_CR20","unstructured":"EC: European Data Act enters into force, putting in place new rules for a fair and innovative data economy. https:\/\/digital-strategy.ec.europa.eu\/en\/news\/european-data-act-enters-force-putting-place-new-rules-fair-and-innovative-data-economy"},{"key":"21_CR21","unstructured":"EU: Regulation (EU) 2022\/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018\/1724 (Data Governance Act) (2022)"},{"key":"21_CR22","unstructured":"Biasin, E.: The Data Act will concern eHealth apps and Medical Devices. https:\/\/www.law.kuleuven.be\/citip\/blog\/the-data-act-will-concern-ehealth-apps-and-medical-devices\/"},{"key":"21_CR23","unstructured":"De Pauw, V., De Cordier, T., Fonteyn, B., Wiring, R.: Adapting to the new EU Data Act: implications for medical devices and other health devices. https:\/\/cms-lawnow.com\/en\/ealerts\/2024\/01\/adapting-to-the-new-eu-data-act-implications-for-medical-devices-and-other-health-devices"},{"key":"21_CR24","unstructured":"EU: Regulation of the European Parliament and of the Council on European Health Data Space and amending Directive 2011\/24\/EU and Regulation (EU) 2024\/2847 (2025)"},{"key":"21_CR25","doi-asserted-by":"publisher","unstructured":"Li, W., Quinn, P.: The European health data space: an expanded right to data portability? Comput. Law Secur. Rev. 52 (2024). https:\/\/doi.org\/10.1016\/j.clsr.2023.105913","DOI":"10.1016\/j.clsr.2023.105913"},{"key":"21_CR26","doi-asserted-by":"publisher","unstructured":"Quinn, P., Ellyne, E., Yao, C.: Will the GDPR restrain health data access bodies under the European health data space (EHDS)? Comput. Law Secur. Rev. 54 (2024). https:\/\/doi.org\/10.1016\/j.clsr.2024.105993","DOI":"10.1016\/j.clsr.2024.105993"},{"key":"21_CR27","unstructured":"EU: Regulation (EU) 2019\/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526\/2013 (Cybersecurity Act) (2019)"},{"key":"21_CR28","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2022.105653","volume":"44","author":"V Papakonstantinou","year":"2022","unstructured":"Papakonstantinou, V.: Cybersecurity as praxis and as a state: the EU law path towards acknowledgement of a new right to cybersecurity? Comput. Law Secur. Rev. 44, 105653 (2022). https:\/\/doi.org\/10.1016\/j.clsr.2022.105653","journal-title":"Comput. Law Secur. Rev."},{"key":"21_CR29","unstructured":"Mammonas, D.: Cyber solidarity package: Council and Parliament strike deals to strengthen cyber security capacities in the EU. https:\/\/www.consilium.europa.eu\/en\/press\/press-releases\/2024\/03\/06\/cyber-solidarity-package-council-and-parliament-strike-deals-to-strengthen-cyber-security-capacities-in-the-eu\/"},{"key":"21_CR30","unstructured":"EU: Commission Implementing Regulation (EU) 2024\/482 of 31 January 2024 laying down rules for the application of Regulation (EU) 2019\/881 of the European Parliament and of the Council as regards the adoption of the European Common Criteria-based cybersecurity certification scheme (EUCC) (C\/2024\/560) (2024)"},{"key":"21_CR31","unstructured":"EC: The EU cybersecurity certification framework. https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/cybersecurity-certification-framework"},{"key":"21_CR32","doi-asserted-by":"crossref","unstructured":"Biasin, E., Kamenja\u0161evi\u0107, E., Rosager, K.: Cybersecurity of AI medical devices: risks, legislation, and challenges. In: Solaiman, B. and Cohen, I.G. (eds.) Research Handbook on Health, AI and the Law. pp. 57-74. Edward Elgar Publishing (2024)","DOI":"10.4337\/9781802205657.ch04"},{"key":"21_CR33","unstructured":"EC: Commission Staff Working Document Impact Assessment Report Accompanying the document Proposal for a Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016\/1148 (2020)"},{"key":"21_CR34","unstructured":"Directive (EU) 2022\/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910\/2014 and Directive (EU) 2018\/1972, and repealing Directive (EU) 2016\/1148 (NIS 2 Directive) (2022)"},{"key":"21_CR35","doi-asserted-by":"crossref","unstructured":"Schmitz-Berndt, S.: Refining the mandatory cybersecurity incident reporting under the NIS directive 2.0: event types and reporting processes. In: Onwubiko, C., et al. (eds.) Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media, pp. 343\u2013351. Springer, Singapore (2023)","DOI":"10.1007\/978-981-19-6414-5_19"},{"key":"21_CR36","doi-asserted-by":"publisher","unstructured":"Wanecki, P., Ja\u0161ek, R., Drofova, I.: The contribution of the European NIS2 directive to the design of the cyber security model. In: 2023 International Conference on Information and Digital Technologies (IDT), pp. 149\u2013154 (2023). https:\/\/doi.org\/10.1109\/IDT59031.2023.10194454","DOI":"10.1109\/IDT59031.2023.10194454"},{"key":"21_CR37","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2023.105890","volume":"52","author":"N Vandezande","year":"2024","unstructured":"Vandezande, N.: Cybersecurity in the EU: how the NIS2-directive stacks up against its predecessor. Comput. Law Secur. Rev. 52, 105890 (2024). https:\/\/doi.org\/10.1016\/j.clsr.2023.105890","journal-title":"Comput. Law Secur. Rev."},{"key":"21_CR38","unstructured":"EU: Regulation (EU) 2024\/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168\/2013 and (EU) 2019\/1020 and Directive (EU) 2020\/1828 (Cyber Resilience Act) (2024)"},{"key":"21_CR39","unstructured":"Regulation (EU) 2024\/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300\/2008, (EU) No 167\/2013, (EU) No 168\/2013, (EU) 2018\/858, (EU) 2018\/1139 and (EU) 2019\/2144 and Directives 2014\/90\/EU, (EU) 2016\/797 and (EU) 2020\/1828 (Artificial Intelligence Act) (Text with EEA relevance) (2024)"},{"key":"21_CR40","unstructured":"Choi, W., van Eck, M., van der Heijden, C., Hooghiemstra, T., Vollebregt, E.: Legal Analysis: European Legislative Proposal Draft AI Act and MDR\/IVDR (2022)"},{"key":"21_CR41","doi-asserted-by":"publisher","unstructured":"Levy-Loboda, T., Sheetrit, E., Liberty, I.F., Haim, A., Nissim, N.: Personalized insulin dose manipulation attack and its detection using interval-based temporal patterns and machine learning algorithms. J. Biomed. Inf. 132 (2022). https:\/\/doi.org\/10.1016\/j.jbi.2022.104129","DOI":"10.1016\/j.jbi.2022.104129"},{"key":"21_CR42","unstructured":"EC: Mission Letter. https:\/\/commission.europa.eu\/about\/commission-2024-2029\/commissioners-designate-2024-2029"},{"key":"21_CR43","unstructured":"EC: The Draghi report on EU competitiveness. https:\/\/commission.europa.eu\/topics\/eu-competitiveness\/draghi-report"},{"key":"21_CR44","unstructured":"EP: Resolution of 23 October 2024 on the urgent need to revise the Medical Devices Regulation, P10 TA(2024)0028"},{"key":"21_CR45","unstructured":"Liese Initiative. https:\/\/peter-liese.de\/en\/32-english\/press-releases-en\/4251-epp-revision-of-the-medical-device-regulation-can-save-lives"},{"key":"21_CR46","unstructured":"Yesiltuna, O.: A Prescription for Resilience? European Action Plan on the Cybersecurity of Hospitals and Healthcare Providers. https:\/\/hall.research.vub.be\/a-prescription-for-resilience-european-action-plan-on-the-cybersecurity-of-hospitals-and-healthcare"}],"container-title":["Communications in Computer and Information Science","Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-94855-8_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T12:13:49Z","timestamp":1765196029000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-94855-8_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031948541","9783031948558"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-94855-8_21","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"14 June 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"EICC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Interdisciplinary Cybersecurity Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rennes","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 June 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 June 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eicc2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fvv.um.si\/eicc2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}