October 26, 2020

Volume X, Number 300


October 23, 2020

Subscribe to Latest Legal News and Analysis

A New French Scientific Committee For Cybersecurity of Medical Device Software

The French  National Agency for Safety of Medicines and Health Products (Agence nationale de sécurité du médicament et des produits de santé or ANSM) has announced on its website in October 2017 the  creation of a  “temporary specialized scientific committee” (comité scientifique spécialisé temporaire CSST) on the cybersecurity of medical device software.

The external experts that compose it are responsible for proposing recommendations to guarantee a minimum level of security of the software used in the medical field against the threats of digital abuse”.

An increasing number of medical devices, whether used by healthcare professionals in hospitals or at home by patients, are now connected. They can therefore share information via wireless links (Bluetooth, Wifi) or by physical connection to an Internet network. The functionalities of these devices cover the exchange of data (medical imaging, biology results), the control of the device (programming of infusion pumps or active implantable devices), remote monitoring of the patient (vital signs monitoring) or product maintenance.

In France, the IT security of medical devices is addressed in various texts related to connected health, but the medical device, although cited, is not the main purpose of these texts. In the same way, the European regulation on  medical devices does not cover, or insufficiently, the risk of IT  attack of the medical device.

ANSM has therefore set up a CSST made up of external experts, chosen because of their various skills and experiences on the subject of information technology and cybersecurity.

It is responsible for proposing to the Directeur Général of the ANSM recommendations to the medical device manufacturers so that they can take the necessary measures to prevent any malicious attack against their medical devices and thus prevent compromising data and misuse of the medical devices they place on the market.”

© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume VII, Number 339



About this Author

Stephanie Faber International Business Attorney Squire Patton Boggs Paris, France
Of Counsel

Stephanie Faber heads the Data Privacy & Cybersecurity Practice and the Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.

In relation to the Data Privacy & Cybersecurity Practice, Stephanie advises on:

  • GDPR gap assessment and compliance programs
  • Data breach management and notification
  • Database creation, international...
33 1-5383-7400