You are here

Medical device cyber security information for users

Consumers, health professionals, small business operators and large scale service providers

6 April 2021

Book pagination

Guidance for different users

This guidance is structured to consider different groups of medical device users, as:

  • Guidance for patients and consumers
    • who use a medical device as directed by a health professional
    • who use a medical device (such as a downloaded software 'app') without professional supervision
    • who might access software that acts as a medical device (e.g. by diagnosing a heart murmur) from overseas websites, even though such software products may not have been approved for use in Australia by the TGA[1].
  • Guidance for health and medical professionals
    • who are responsible for the use of medical devices for a range of purposes—described as 'to diagnose, prevent, monitor, treat or alleviate disease or injury in a patient' in the Therapeutic Goods Act 1989
    • which includes medical doctors, nurses, radiologists and radiographers, pathologists, etc.
    • who may be based in a medium to large health or medical organisation such as public hospitals, private health service providers
    • who may be able to access, review and exchange data with devices, and may also be responsible for patient education and establishing parameters for how devices and software are to be used
  • Guidance for small business operators (including small-practice clinicians)
    • who are responsible for the procurement, implementation, maintenance, and application of medical devices in a small clinic environment or general medical practice
    • who are generally reliant on information provided by the manufacturer or sponsor regarding medical device cyber security
    • who may not have the ability to detect potential cyber security problems themselves
  • Guidance for large scale service providers with specialist teams
    • who are responsible for the procurement, implementation and maintenance of medical devices in a health and medical service environment, such as a hospital
    • which includes biomedical engineers and IT experts who have the task of ensuring continuous operation of health services
    • who are likely to have cyber security related knowledge and may also have related expertise


Book pagination