The International Medical Device Regulators Forum (IMDRF) is the succeeding organisation of the Global Harmonisation Task Force (GHTF) in the field of Medical Devices. The aim of the group is to issue harmonised guidelines. The latest guidance document on "Principles and Practices for Medical Device Cybersecurity" was issued in March 2020
The document contains a total of 45 pages including two appendices. The aim of the document is to provide concrete recommendations for all responsible stakeholders in connection with cyber security of medical devices and IVDs. It is intended to reduce the risks that can occur during the use of medical devices. Furthermore, the document is meant to ensure that the safety and efficacy of medical devices is maintained. It considers Medical Devices that contain software or are software themselves (e.g. Software as a Medical Device, SaMD). The focus of the guidance is on the consideration of cyber security in relation to possible patient harm. Security gaps, e.g. with regard to private data, are not the focus of the guideline.
You can find the complete document on the IMDRF website.