A Way Forward for the MDCG 2019-16 Medical Device Security Guidance

MDCG 2019-16 is intended to assist practitioners in compliance with the Medical Device Regulation and the In-Vitro Device Regulation. This paper presents a gap analysis of MDCG 2019-16, identifying key gaps and proposing a robust set of recommendations to enhance the IoMT regulatory framework. This work has been undertaken by a selection of current (2023-2025) projects, all funded under the Horizon Europe call "Enhancing cybersecurity of connected medical devices": HORIZON-HLTH-2022-IND-13-01, and this paper summarizes observations and recommendations from across these projects. There is considerable consensus across the projects in many recommendation themes, notably; linking cybersecurity with patient safety and privacy; keeping the guidelines current; and usage recipes for the guidelines. The paper also suggests toolkit solutions to address some of the recommendations.