Research, not marketing

No single entity is going to “fix” medical device cybersecurity. We are dedicated to advancing our collective understanding of the challenges and opportunities we face through research.

The documents below are free to download, and we’re not going to do that thing where we ask for your email address in order to download them. We love feedback — so tell us if you love it, hate it or want to enhance it together.

Latest research

Meeting FDA Expectations for Cryptographic Security in Medical Devices
November 11, 2024

With increasing concerns about cyber attacks, and the implications on national security, governments and regulators are raising the bar on cybersecurity. As a result, implementing robust security capabilities and demonstrating their sufficiency has become a critical requirement for medical device manufacturers seeking FDA approval.

Navigating Cybersecurity Compliance: A Lifecycle Approach for Medical Device Manufacturers
October 14, 2024

This whitepaper outlines the medical device software lifecycle processes and details the necessary documentation and activities required to meet new cybersecurity requirements. We will cover best practices for integrating cybersecurity throughout the medical device lifecycle, from design to post-market management. Key global regulatory expectations from the FDA and EU will be highlighted, along with insights into common challenges that result in approval rejections. Additionally, the document will include examples of regulatory body responses and real-world feedback from the past year, guiding manufacturers toward improved compliance and enhanced product security.

Decrypting Cryptography

Implementing cybersecurity for modern medical devices requires compliance with complex regulations as well as adaptation to a changing healthcare ecosystem where hospital networks are considered inherently hostile, devices are increasingly integrated, and data is moving into the cloud. Getting cybersecurity right requires mature processes, careful design considerations, and finding the right balance between the desired level of security and a device’s capabilities and utility. Getting cybersecurity wrong can have significant ramifications for patient safety, regulatory compliance and approval, and business and reputation. Read more for an introduction to achieving device security through cryptography.

Impact of monitoring on medical device vulnerabilities

The root causes associated with medical device cybersecurity disclosures to date reveal that 81.8% of the related root causes would be impacted by the implementation of monitoring practices.

Tool and Processes for Medical Device Cybersecurity

The Food and Drug Administration (FDA) issued an updated draft of the Premarket Cybersecurity Guidance in April 2022 which, when combined with the existing finalized Postmarket Management of Cybersecurity in Medical Devices Guidance, specifies process and technical requirements to ensure medical devices are “secure by design” and that their security posture can be maintained over the lifetime of the device. In this paper we propose a hypothetical medical device vendor’s mature cybersecurity program that complies with FDA guidance, and we analyze the processes and tools that aid in its success.

What the medical device industry can learn from past cybersecurity vulnerability disclosures

In the 2022 update of our annual ICS-CERT cybersecurity disclosure analysis, we found that the rate of medical device advisories has increased by 490% since the release of the FDA Postmarket Cybersecurity Guidance in 2016, but appears to have plateaued. Read about the latest medical device vulnerability data trends and predictions for the future.

More resources

Check out our blog

Our latest thoughts on medical device cybersecurity

FDA, RTA and eSTAR - oh my!

Watch our latest webinar that discusses regulatory updates and the impact for medical device development and post-market management.

Want to learn about our services and solutions?

Services

No matter where you are in the regulatory submission process, we have a variety of services that can meet your needs when and where you need us.

Guardian

The Guardian platform is a secure and scalable cryptographic solution that simplifies security processes and incident response.

Helm

Gain visibility across your software supply chain to detect, prioritize, and remediate cybersecurity risk.