Health Canada released the full guidance document, Pre-market Requirements for Medical Device Cybersecurity. It can be viewed at: https://www.canada.ca/en/health-canada/services/drugs-health-products/medical-devices/application-information/guidance-documents/cybersecurity.htm
It includes requirements such as:
“Risk management is required for all medical devices throughout their life-cycle. Manufacturers should incorporate cybersecurity into the risk management process for every device that consists of or contains software. Manufacturers are also encouraged to develop and maintain a framework for managing cybersecurity risks throughout their organizations.”
“All cybersecurity risk control measures should be successfully verified and validated against the device’s design requirements and/or design specifications. Manufacturers should be able to trace all verification and validation activities back to the device’s design requirements and/or design specifications.”