Author: Sebastian Wittor <\/strong>Cybersecurity Lead at BAYOOMED<\/p>\n<\/div> The increasing use of closed-loop systems in medical technology brings with it a new class of challenges for cybersecurity. Unlike traditional medical devices, where medical professionals make the final treatment decisions, closed-loop systems operate largely autonomously. They continuously measure physiological parameters, interpret them and trigger therapeutic measures as required, without any human intervention. The software thus becomes the central player in the therapy context and at the same time a potential target. <\/p>\n<\/div><\/div><\/div><\/div><\/div> A closed-loop medical device is essentially based on three functional components:<\/p>\n This closed control chain enables dynamic, often real-time adaptation of the therapy to the patient’s status. The increase in efficiency and safety is enormous, provided that the system is reliably protected against errors, manipulation and failures. <\/p>\n<\/div> The EU Medical Device Regulation (MDR) classifies closed-loop systems as active therapeutic devices with built-in diagnostics. According to Annex VIII, Rule 22, they are subject to risk class III – the highest class. This results in extensive requirements for the safety, performance and – increasingly relevant – the cybersecurity of these systems. <\/p>\n<\/div> In September 2023, the FDA published new guidelines for Physiological Closed-Loop Controlled (PCLC) systems. These explicitly address systems that intervene in the therapy process without human intervention. The key requirements are <\/p>\n For interoperable systems, the FDA also recommends compliance with the AAMI\/UL standards.<\/p>\n<\/div><\/div><\/div><\/div><\/div> The FDA guideline contains practical recommendations for the implementation of PCLC systems. Even if these are not explicitly prescribed in the MDR, they can be used as excellent guidelines for European developments, particularly in the early development phase. <\/p>\n Important aspects are:<\/p>\n<\/div> Sensor technology: Controller:<\/strong><\/p>\n The controller is the “brain” of the system. It must make decisions on a comprehensible, documented and safety-certified basis, be it rule-based, model-based or through machine learning. The behavior in the event of incorrect or missing data is particularly critical. <\/p>\n<\/div>\n<\/div><\/li> System integration: Cloud backend: Safety and security are inextricably linked in the development of PCLC systems. Measures from one area often have an effect on the other. For example, redundant calculations of critical algorithm steps increase both safety (in the sense of \u201csafety\u201d) and protection against manipulation (in the sense of \u201csecurity\u201d). Comprehensive logging also helps to precisely reconstruct the causes of system behavior later on. <\/p>\n<\/div> A central question in development is: What should the system do in an emergency?<\/p>\n If the database breaks down or the controller detects an error, it must be clearly defined whether the system switches back to a basic medication, stops operation or takes alternative safety measures. This decision must be medically sound and documented as part of risk management. <\/p>\n<\/div> A cloud backend offers decisive advantages, especially for PCLC systems. It enables: <\/p>\n All of this helps to increase confidence in the functionality and security of the system.<\/p>\n<\/div> As PCLC systems are still comparatively new in regulatory terms, it is worth creating detailed documentation for the closed-loop part, especially at the beginning. As experience grows, this can be streamlined and adapted in a targeted manner. As with the introduction of the MDR, the right measure will emerge over time. <\/p>\n<\/div><\/div><\/div><\/div><\/div> A holistic approach to security is essential – throughout the entire life cycle. Important measures include <\/p>\n<\/div> Early integration of cybersecurity expertise in product development<\/p>\n<\/div>\n<\/div><\/li> Threat analysis (threat modeling) as early as the concept phase<\/p>\n<\/div>\n<\/div><\/li> Permanent monitoring and seamless logging<\/p>\n<\/div>\n<\/div><\/li> Redundancy and diversity in safety-critical areas<\/p>\n<\/div>\n<\/div><\/li> Clear communication structures between all departments involved, from Regulatory Affairs to Legal<\/p>\n<\/div>\n<\/div><\/li><\/ul> Closed-loop medical devices offer enormous potential for precise and adaptive therapies, especially for critically ill or chronically unstable patients. However, the associated cybersecurity requirements are complex and should not be underestimated. Establishing clear security concepts at an early stage, complying with regulatory frameworks and understanding the special features of such systems creates the basis for sustainable success – technically, regulatory and clinically. <\/p>\n<\/div><\/div><\/div><\/div><\/div><\/p>\n","protected":false},"author":8,"featured_media":5854,"template":"","categories":[45],"class_list":["post-5856","news","type-news","status-publish","has-post-thumbnail","hentry","category-news-en"],"yoast_head":"\nIntroduction to closed-loop systems<\/h2><\/h2><\/div>
\n
![\"BAYOOMED](\"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2024\/06\/BAYOOMED-Organisatrische-Massnamen-zur-Einhaltung-von-Cyber-Sicherheitsanforderungen-an-netzwerkfaehige-Medizinprodukte.jpg\" "\\"BAYOOMED")
<\/span><\/div>Regulatory basis: MDR and FDA<\/h2><\/h2><\/div>
MDR – European requirements<\/h3><\/h3><\/div>
FDA requirements from the USA<\/h3><\/h3><\/div>
\n
Requirements from the \u201cPhysiologic Closed-Loop Controlled Devices\u201d guidance<\/h2><\/h2><\/div>
<\/strong>Sensors must provide reliable values, even under interference. High demands are placed on artifact suppression, signal stability, redundancy and reliability. <\/p>\n<\/div>\n<\/div><\/li>
The actuators convert control commands into specific therapeutic measures. Latency times must be minimized, errors detected and critical situations safeguarded by defined fallback mechanisms. <\/div>\n<\/div><\/li>
<\/strong>The connection between sensors, controls and actuators is particularly prone to errors. Communication failures or timing problems must be reliably detected and intercepted. Logging, alarms and clear user guidance are essential components. <\/p>\n<\/div>\n<\/div><\/li>
<\/b>A cloud backend can serve as a backup in the event of a fault and provide additional control options. At the same time, security requirements are increasing, for example in terms of encrypted communication, data integrity and access protection. <\/p>\n<\/div><\/li><\/ul>![\"BAYOOMED-Richtlinien\"](\"https:\/\/www.bayoomed.com\/wp-content\/uploads\/sites\/4\/2025\/04\/BAYOOMED-Richtlinien.jpg\" "\\"BAYOOMED-Richtlinien\\"")
<\/span><\/div><\/div><\/div><\/div><\/div>Experience from the development of closed-loop systems<\/h2><\/h2><\/div>
Safety and security – two sides of the same coin<\/h3><\/h3><\/div>
Dealing with worst-case scenarios<\/h3><\/h3><\/div>
Cloud backend as a critical system component<\/h3><\/h3><\/div>
\n
Documentation – not just an obligation, but an opportunity<\/h3><\/h3><\/div>
Recommendations for manufacturers<\/h2><\/h2><\/div>
Conclusion<\/h2><\/h2><\/div>