Cybersecurity In Medical Device Development

By Seyed Khorashahi

For medical device manufacturers, technology can be a double-edged sword. The technologies that elevate the quality of life for patients can be used by cybersecurity bad actors to potentially harm patients or undermine the organization using the device as well as the device itself.

The vast interconnectivity of medical devices is widening the attack surface of the public health sector. Intrusions and breaches are possible because of weaknesses in a medical device’s cybersecurity design. Medical device vulnerabilities that are not identified and remediated before the device goes to market can serve as access points for entry into a health care facility’s network, which leads to compromising data confidentiality and integrity as well as potential patient safety.

That said, security now needs a seat at the design table, accompanied by its own list of requirements. Many cybersecurity weaknesses are a result of poor design choices and lack of clear requirements. Having a security expert who is familiar with medical device development review the device’s requirements and architecture can uncover security vulnerabilities, which can be mitigated during development long before the product goes into manufacturing.

The following resources identify specific areas to focus cybersecurity efforts throughout the product’s life cycle.