Strengthen cybersecurity measures related to medical institutions, etc.

Strengthening Cyber Security Measures for Medical Institutions (Request)

On March 1, 2022, the Ministry of Health, Labour and Welfare (MHLW) issued an administrative communication titled “Strengthening of Cyber Security Measures Concerning Medical Devices (Request).”
Presumably, this was issued in response to the recent cyber attack on Toyota-related companies.
The request was jointly issued by the Ministry of Economy, Trade and Industry, the Financial Services Agency, the Ministry of Internal Affairs and Communications, the Ministry of Health, Labour and Welfare, the Ministry of Land, Infrastructure, Transport and Tourism, the National Police Agency, and the Cabinet Cyber Security Center, Cabinet Secretariat, so it was presumably addressed to various industries, not just medical devices.

With regard to medical device cybersecurity guidance in Japan, a notice based on the IMDRF guidance is expected to be issued by FY2023.
In medical devices, the use of operating systems with security holes, open-source software, etc., poses the risk of cyber terrorism and virus infection.
An important aspect of cyber security is that if a security hole is discovered in a medical device product, the user, such as a medical institution, must be notified promptly, and measures such as disconnecting the product from the network must be taken. A communication system for this purpose should be established in advance.
It is also important to contact medical institutions through reliable channels. If the security hole were disclosed to the public, it would be a prime target for terrorists.
It is also important to promptly create and distribute patches.
Small and medium-sized enterprises (SMEs) may be hesitant to announce a security hole even if they find one. This is because sales of the product will be delayed. However, if left unchecked, it could cause a great deal of damage.
Furthermore, support for cybersecurity should continue as long as products shipped in the past are used by medical institutions.
If support must be terminated, the user must be notified by a previously agreed-upon time.
