last highlighted date: 2024-04-10
Highlights
- The standard doesn’t just cover medical devices, but healthcare software more broadly. While it supplements IEC 82304-1, IEC 62304 and others, it extends to include cybersecurity considerations in every phase of the SDLC.
- Tags: iec81001
- The EU is planning to harmonize IEC 81001-5-1 starting in May 2024, but the healthcare standard has wider implications for any organization around the world developing medical equipment that contains software, to ensure the security of their embedded systems.
- This healthcare standard covers many types of embedded systems and products: not just medical devices such as heart monitoring machines and insulin pumps, but also consumer electronics like smart watches and yoga apps, nutrition software, and care planning software.
- Many manufacturers and HDOs are already familiar with standards like IEC 62443-4-1, which will give them a head start. In fact, IEC 81001-5-1 contains an appendix that gives the mapping between the healthcare standard and IEC 62443-4-1.
- Tags: iec62443
- IEC 81001-5-1 provides a minimum set of secure coding best practices in Appendix A.4:
- Use a secure coding standard (such as MISRA C; CERT C/C++).
- Use automated static analysis tools such as Perforce.
- In addition, databases like the Common Weakness Enumeration (CWE) give developers access to known issues so they can be incorporated into code inspection and testing strategies.