Software-based medical devices – like health apps or digital tools – can help you manage your health. But it’s important to know how to use them safely and make sure they meet Australian requirements.
Some software and mobile apps will be regulated as medical devices if they are used to:
- diagnose, prevent, monitor, predict or treat a disease, injury or disability
- compensate for an injury or disability
- investigate the structure of the body or how it functions
- control conception
- examine a specimen taken from the human body for a medical purpose
- help another medical device to function (such as an app for viewing results from a glucose monitor).
If software does any of these things, it must meet Australian safety standards and be included in the Australian Register of Therapeutic Goods (ARTG).
Apps that help you stay healthy – like fitness trackers or meditation apps – are general wellness tools. They are usually not regulated as medical devices.
Before you use a medical app or device
Check if it’s approved
Before using a software-based medical device, check if it’s included in the ARTG. This register lists all medical devices that are approved for supply in Australia.
Look for key information
Medical devices must include clear information – either printed or electronic – about the device and how to use it safely. This information includes:
- the name of the device
- the manufacturer and sponsor details
- instructions for safe use
- the intended purpose and users of the device.
If you need more details about a medical device, you can contact the sponsor (supplier) or manufacturer directly. Their contact information should be included with the device.
What to do if something goes wrong
Sometimes, medical devices can cause unexpected problems. These are called adverse events. They might include:
- unusual symptoms or health issues associated with the use of the software
- incorrect or confusing results
- software that doesn’t work as expected
- a situation that could have caused harm, even if it didn’t (a “near miss”).
If you have any concerns about your medical device, you can speak to your health professional.
You can also report adverse events to us. Reporting adverse events helps improve the safety of medical devices for everyone.
To report a problem or find out more, visit our adverse event reporting page.
Medical device safety and cyber security
Staying safe with connected medical devices
If you use a medical device that links to the internet or other networks – like a wearable or health app – it’s important to understand how to use it safely and protect your personal information. Always read and follow the instructions provided with your medical device.
If you're unsure what to do when something goes wrong (such as an internet outage), contact the manufacturer of your medical device for guidance.
Understanding the risks and benefits of connected medical devices
Before using a connected medical device, it’s important to understand:
- if it connects to the internet or other networks and how
- what data it collects
- what risks (including cyber risks) are involved
- what steps you can take to protect your device, data and your home network
- how to use the internet responsibly when managing your health.
You can find basic security advice on cyber.gov.au.
Ask questions before using a device
When you receive a medical device that connects to the internet, your health professional can help you understand the risks and benefits. This information is a part of informed consent.
You can also ask your health professional questions like:
- What are the risks, including cyber security risks, of using this device?
- Are there other device options?
- What security settings are built in?
- What happens if I change the settings?
- When and how does the device connect to the internet?
- Does it rely on or use other connections (for example, Bluetooth)?
- Is it possible to disconnect safely from the internet or other networks?
- What data does it collect, where does it go, and who can access it?
- How can I tell if the device has been hacked?
- Who should I contact if I hear about a security issue?
- Do I need to update the device software?
Why cyber security matters
Good cyber security helps:
- keep your device working properly so it can deliver its health benefits
- protect your personal and health information
- create a safer environment for using connected medical devices.
The Australian Cyber Security Centre (ACSC) provides advice for consumers and small businesses to help reduce risks from scams, software vulnerabilities and unsafe online behaviour.
Protecting your privacy
Be careful about what you share online, especially in forums or apps linked to your medical device. Avoid posting personal information that could identify you.
Use strong passphrases
To protect your accounts and devices:
- use a strong passphrase – at least 14 characters, ideally four or more random words
- don’t reuse passphrases across different accounts
- never share your passphrases
- be aware of your surroundings when logging in
- use trusted internet connections or a Virtual Private Network (VPN) when possible.
Many connected medical devices require you to create an account. Use a strong passphrase to protect your information and prevent unauthorised access.
For more tips, visit Creating strong passphrases on the ACSC website.
Be alert to suspicious messages
Some medical devices – and even your healthcare provider – may contact you through text messages, emails or web portals. Always treat unexpected messages with caution and don’t click on links or open attachments in messages you weren’t expecting.
If you’re unsure whether a message is genuine, contact your healthcare provider or the device sponsor using contact details you trust – not the ones in the message.
Protect your online health information
Just like online banking, your health information is valuable to cybercriminals.
To protect it you should:
- follow the instructions that come with your medical device
- make sure your devices (including computers, phones and tablets) are secure and up to date
- refer to the ACSC’s Guidelines for System Hardening for more information.
Keep your phone and tablet secure
Many medical devices use apps on phones or tablets. If your mobile device isn’t secure, your medical device might not be either.
To stay safe:
- use a strong passphrase or PIN to lock your device
- install reputable security software
- keep your operating system and apps up to date
- visit the ACSC’s guidance on keeping mobiles and tablets secure for more tips.
Stay up to date and back up your data
Keeping your software updated is one of the best ways to protect your device.
You should:
- update apps and operating systems regularly
- turn on automatic updates if it’s safe to do so – check with your healthcare provider first for medical devices
- keep your home Wi-Fi and internet equipment secure and up to date
- back up your data regularly, especially any health data collected by your device.
Using smart devices at home
Smart devices – including medical devices – can be part of your home network. Keep them secure by:
- changing default passwords to strong, private passphrases
- enabling automatic updates where safe and practical, and checking with your healthcare provider first
- following setup instructions carefully, including how to maintain and update the device
- staying vigilant throughout the life of the device
- being cautious on public Wi-Fi – avoid sending or receiving sensitive information on networks you don’t trust.
Tip
Public networks can be easily accessed by attackers. Using a Virtual Private Network (VPN) adds an extra layer of protection.