Cyber attacks can cripple the operation of systems in any sector. However, in the case of health care, such paralysis can be a matter of life and death. Recently, medical device security has become a global concern and a focal point for regulators and manufacturers. In Europe, among the many innovations introduced by the new regulations for medical devices and in vitro diagnostic devices, pressure is emerging on regulators to ensure that products placed on the European Union market are adapted to new technological challenges related to cybersecurity threats. Manufacturers are required to develop and manufacture their products in accordance with the state of the art, taking cyber risk into account. This process involves great care in defining and applying special measures for technological and operational security as well as protection against unauthorized access to confidential data and information.


A central definition relevant to medical device cybersecurity is that of “risk,” understood as a combination of the likelihood of harm occurring and the severity of that harm.

This definition is all-encompassing and applies to all possible types of risks, thus enabling the protection objectives set forth in the regulations. It is recognized that in the field of medical devices, the safety risk to the patient, user, and other parties involved must be reduced to an acceptable level. [1]

The cybersecurity requirements, listed in Annex I of the Medical Device and In Vitro Diagnostic Regulations (MDR 2017/745 and IVDR 2017/746), cover both premarket and postmarket aspects. The diagram below illustrates the interconnections between different regulations and new cybersecurity guidelines for medical device manufacturers. [1] In order to map the cybersecurity activities that need to be applied during the lifecycle of a medical or diagnostic device, it is necessary to refer not only to the applicable parts of the MDR or IVDR (Annex I), but also to three important European regulations: the Cybersecurity Act, the General Data Protection Regulation (GDPR), and the Network and Information Security (NIS) Directive.


Some requirements generally associated with cybersecurity are not explicitly mentioned in medical device regulations. Data privacy and confidentiality requirements associated with the use of medical devices are outside the scope of the medical device regulations, but are subject to other legislation (see Chapter 7 of the Guidance on Cybersecurity for medical devices, MDCG 2019-16). [1]

In the context of cybersecurity and under the MDR, the manufacturer is required to manage all essential elements recalled in the figure and described in detail in the Cybersecurity Guidance for Medical Devices, Annex I of the MDR and the IVDR. [3]


Blockchain is a decentralized network of computers ("nodes") that manages, stores and records the historical or transactional data of the chain. This technology facilitates the sharing of important data, keeps it secure and confidential, and speeds up the process of finding information that meets certain screening criteria using a single patient database.[2]

With blockchain, information can be quickly exchanged between users and recorded and stored locally by each user, eliminating the need for a central authority. Because information is recorded in a distributed manner, blockchain can be defined as a fully controllable, digital, decentralized transaction ledger.[3]

Blockchain technology has been strongly promoted by its fundamental commitment to the cryptocurrency revolution. It is a decentralized and secure way to transfer and store data or information. The use of the technology outside the financial and cryptocurrency sectors is gaining popularity.


The healthcare sector is primarily responsible for the adoption of blockchain technologies.[2] The figure provides an overview of the most significant applications of blockchain technology in the health care sector.[2] In clinical trials, blockchain technology introduces plausibility and insights. Records can be stored digitally as smart contracts on the blockchain. Secure network infrastructure, identity verification and authentication of all participants, and universal templates for approving access to electronic health information are some of the benefits of blockchain technologies in healthcare.[2]


In the field of medical devices, the new MDR regulation has introduced new requirements for improved product tracking and traceability, putting more pressure on supply chain controls. Blockchain technology, which can be used as a tool to improve product traceability, could be the answer to these new EU regulatory requirements.

Blockchain technologies have the potential to transform critical medical device processes throughout the product lifecycle, from development, to business operations and documentation in the supply chain. [5]


The biggest problems in the technological field are data protection, information sharing, and the interaction between the parties involved (physicians, patients, authorities, etc.) in population health management. These problems can be addressed more reliably through the use of blockchain. If implemented properly, this technology improves security, data sharing, interoperability, integrity, and real-time updates and access.

The blockchain can also help solve privacy issues, particularly in the areas of biomedical technologies and wearable devices. Patients and healthcare providers need secure and simple means to record, send, and retrieve data over networks without security concerns; therefore, blockchain technology is being used to address these issues.


Currently, there are no specific regulations regarding blockchain technology. The European Commission has launched an EU Blockchain Observatory and Forum to monitor and analyze blockchain issues and trends. [4] The Observatory’s mission is to analyze trends and address emerging issues, serve as a global knowledge hub on blockchain, and provide an important communication opportunity for Europe to expose its vision on the international stage. The forum also aims to make recommendations on the role the EU could play in accelerating blockchain innovation and adoption.


An example of blockchain framework architecture in the field of “mobile health,” or sensor-based health monitoring, is presented in the figure. With the use of sensors embedded in watches such as the Apple Watch or Fitbit, it is possible to collect data from large populations through a decentralized mHealth application that monitors patient parameters via wearable sensors. For this purpose, a private blockchain is implemented and deployed to avoid the costs associated with transactions on the public blockchain, as well as to ensure user privacy.

Patient-related information is transmitted directly to the blockchain network and received by a smart contract that implements the necessary functions. In the diagram presented in the figure, healthcare providers, medical experts and researchers, who will be able to access patient records, act as active (mining) nodes. Patients can connect directly to the blockchain network without a central server or database, thus eliminating single points of failure.

Because the amount of raw data collected is so large, it is inefficient to store all measurements on the blockchain network. Instead, in the framework shown, the raw data is stored as JSON files on the InterPlanetary File System (IPFS), which is a decentralized hypermedia protocol for file storage and remote access. On IPFS, each file receives a unique identifier (hash) and the contents of the file are distributed across the network. The file hash is stored on the blockchain and associated with each patient. [3]
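The off-chain storage pattern described above can be sketched as follows. This is an added example, not code from the cited framework: SHA-256 over canonical JSON stands in for the IPFS file hash, an in-memory dict stands in for IPFS, and a hash-chained list stands in for the private blockchain; all names are hypothetical.

```python
import hashlib, json

def content_id(obj) -> str:
    """SHA-256 over canonical JSON; stands in for the IPFS file hash."""
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

class Ledger:
    """Append-only, hash-chained list standing in for the private blockchain."""
    def __init__(self):
        self.blocks = []

    def anchor(self, patient, cid):
        prev = self.blocks[-1]["block_hash"] if self.blocks else "0" * 64
        body = {"patient": patient, "cid": cid, "prev": prev}
        self.blocks.append({**body, "block_hash": content_id(body)})

    def chain_ok(self):
        prev = "0" * 64
        for b in self.blocks:
            body = {k: b[k] for k in ("patient", "cid", "prev")}
            if b["prev"] != prev or b["block_hash"] != content_id(body):
                return False
            prev = b["block_hash"]
        return True

def store(off_chain, ledger, patient, measurements):
    cid = content_id(measurements)
    off_chain[cid] = measurements      # raw data stays off-chain
    ledger.anchor(patient, cid)        # only the hash goes on-chain
    return cid

def verify(off_chain, ledger, patient):
    """Map each anchored hash of a patient to True if the off-chain file still matches."""
    if not ledger.chain_ok():
        raise ValueError("ledger chain broken")
    cids = [b["cid"] for b in ledger.blocks if b["patient"] == patient]
    return {c: c in off_chain and content_id(off_chain[c]) == c for c in cids}

def demo():
    off_chain, ledger = {}, Ledger()
    # Constructed sample readings; "patient-001" is a pseudonymous placeholder ID.
    a = store(off_chain, ledger, "patient-001", {"hr": [62, 64, 61], "t": 1})
    b = store(off_chain, ledger, "patient-001", {"hr": [70, 72, 75], "t": 2})
    before = verify(off_chain, ledger, "patient-001")
    off_chain[b]["hr"][0] = 50         # off-chain file altered after anchoring
    after = verify(off_chain, ledger, "patient-001")
    return a, b, before, after
```

The anchored hash gives integrity evidence for the off-chain file, not confidentiality: the JSON itself still has to be protected where it is stored.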


The use of blockchain has many advantages. The first is savings. Especially in the health sector, the use of unnecessary economic resources and avoidable waste leads to shortages and reduced quality of care in other sectors.

Another advantage of the decentralized network is to avoid having a central intermediary, which leads to high vulnerability to external threats, be they malware and other cyber hazards, or real adversaries, human and non-human (fire, water, earthquakes, etc.).

Finally, the credibility of a central intermediary can be challenged by some parties. This is particularly important in the health care sector: there are few areas where so many different viewpoints and interests need to be reconciled in order to achieve a common goal of good patient care.

Another strength of blockchain is that it is designed to handle interlinked transactions. In healthcare, physicians and researchers might be willing to do the validation work in the form of, for example, anonymized patient data from the blockchain, which they can use for research purposes.

The blockchain is not simply a secret weapon for privacy and security. Under certain circumstances it can offer significant economic and organizational advantages over conventional database technologies, and these characteristic circumstances are remarkably relevant considering today’s conditions in the healthcare sector.


  1. MDCG 2019-16 Rev. 1 Guidance on Cybersecurity for medical devices. 2020 [cited 2022; Available from:
  2. Haleem, A., et al., Blockchain technology applications in healthcare: An overview. International Journal of Intelligent Networks, 2021. 2: p. 130-139.
  3. Taralunga, D.D. and B.C. Florea, A Blockchain-Enabled Framework for mHealth Systems. Sensors, 2021. 21(8).
  4. EU Blockchain Observatory and Forum.
  5. What Could Blockchain Technologies Mean for the Medical Device Industry? MDDI, 29 July 2022.
