Medical devices and artificial intelligence systems are rapidly transforming healthcare provision. At the same time, by their nature, AI in or as medical devices may be exposed to cyberattacks, creating patient safety and security risks. This book chapter is divided into three parts. The first part sets the scene by explaining the role of cybersecurity in healthcare. We then briefly define what we mean by AI that is considered a medical device in itself or that supports one. To illustrate the risks such medical devices pose, we provide three examples: the poisoning of datasets, social engineering, and data or source code extraction. In the second part, the chapter provides an overview of the European Union's regulatory framework relevant to ensuring the cybersecurity of AI as or in medical devices (MDR, NIS Directive, Cybersecurity Act, GDPR, the AI Act proposal and the NIS 2 Directive proposal). Finally, the third part examines possible challenges stemming from the EU regulatory framework. In particular, we look at the challenges arising from the two legislative proposals and their interaction with the existing legislation on the cybersecurity of AI medical devices. They are structured as answers to the following questions: (1) how will the AI Act interact with the MDR regarding cybersecurity and safety requirements?; (2) how should we interpret the incident notification requirements of the NIS 2 Directive proposal and the MDR?; and (3) what are the consequences of the evolving notion of critical infrastructure? [This is a draft chapter. The final version will be available in Research Handbook on Health, AI and the Law, edited by Barry Solaiman & I. Glenn Cohen, forthcoming 2023, Edward Elgar Publishing Ltd]