The Australian regulatory framework for medical devices already captures cybersecurity. Manufacturers have been considering security in their design, and the Therapeutic Goods Administration (TGA) has been assessing and regulating the security of medical devices through the Essential Principles. However, the number of networked devices is growing, the risk profile is changing, and public awareness of cybersecurity as a risk is increasing. This changing landscape has created new challenges for regulators of medical devices, including poor or unclear standardisation, sharing information, publication of vulnerabilities and exploits by users and security researchers, and poor transparency of expectations between stakeholders. TGA is currently undertaking multiple projects to improve the regulation of medical device cybersecurity in Australia. These include, building on the existing capabilities to assess and measure medical device security, consulting with industry and other stakeholders on their challenges and expectations, and working to improve standardisation.