MDIC Medical Device Cybersecurity Maturity: Industry Benchmarking Report 2023

Contact: Noor Falah, Project Manager cybersecurity@mdic.org

MDIC Industry Benchmarking Report 2023: Medical Device Cybersecurity Maturity. Download the Report

FOR IMMEDIATE RELEASE

[Arlington, VA] – The Medical Device Innovation Consortium (MDIC) has announced the release of its 2nd Annual Medical Device Cybersecurity Maturity Benchmark report. This comprehensive study provides a critical assessment of the cybersecurity posture of the medical device industry, offering valuable insights for manufacturers and stakeholders alike alongside an assessment tool for individual medical device manufacturers (MDMs) .

Securing medical devices remains a top priority in healthcare. Outdated technology, growing network connections, and a lack of unified security standards create a complex landscape with potential risks to patient safety. MDIC is tackling these challenges by promoting comprehensive and collaborative approaches to medical device cybersecurity. MDIC partnered with the Health Sector Coordinating Council (HSCC) and Apraciti, for the 2023 benchmark to build on the success of the inaugural report for 2022. The 2nd Annual Benchmark leverages a refined methodology, expanded participation, and the expertise of Apraciti to deliver even more robust data. The report analyzes cybersecurity practices across key areas, enabling medical device manufacturers (MDMs) to benchmark their performance against industry standards and identify areas for improvement using the complimentary assessment tool and the resources highlighted in the report. By understanding industry benchmarks, MDMs can make informed decisions to enhance their cybersecurity posture and mitigate risks.

The Need for Continuous Improvement

The 2023 findings underscore the ongoing challenge: the average cybersecurity maturity rating for medical device manufacturers across all participating companies was 1.86 (on a scale of 0-5, with 5 representing the best). This figure indicates the industry is still hovering between developing cybersecurity concepts and working to implement plans. While there’s a slight uptick from the previous year’s average (1.51), the composite average remains notably low, highlighting a persistent gap in cybersecurity readiness.

“MDIC is committed to fostering a more secure medical device ecosystem, and this collaboration with HSCC and Apraciti strengthens our ability to achieve that goal,” said Jithesh Veetil, Senior Program Director at MDIC. “The Joint Security Plan from HSCC provides a strong foundation for measuring cybersecurity maturity, and Apraciti’s expertise enhances the execution and analysis of the benchmark. This annual report, combined with our assessment tool, empowers MDMs to identify and address vulnerabilities, ultimately strengthening the overall security posture of the industry.”

Greg Garcia, Cybersecurity Executive Director at HSCC, emphasizes the importance of collaboration: “By working together, MDIC, HSCC, and Apraciti created a unified approach to medical device cybersecurity. This benchmark report is a valuable tool for the entire healthcare sector, and we look forward to seeing how it drives positive change. In particular,” Garcia added, “medical device manufacturers now have a specific target for raising the bar: the five-year Health Industry Cybersecurity Strategic Plan released in February 2024 points to strategic Goal #6, which calls for technology used in the clinical environment to be ‘secure by design and secure by default.’ Medical device manufacturers should use the benchmark report and the strategic plan to help upgrade the diagnosis of healthcare cybersecurity from ‘critical condition’ to ‘stable condition’ by 2029.”

The MDIC 2nd Annual Medical Device Cybersecurity Maturity Benchmark report and the complimentary assessment tool are available at www.mdic.org/resource/2023-cybersecurity-benchmarking-report/

For more information about MDIC and to access the benchmark survey, please visit the MDIC Cybersecurity website.

About MDIC

The Medical Device Innovation Consortium (MDIC)’s stated mission is to improve health and save lives by accelerating access to medical technologies. Through stakeholder collaboration, MDIC leads the way in advancing the scientific and technical foundations of medical device design, manufacturing, regulation, reimbursement and clinical integration. Founded in 2012 as a nonprofit, public-private partnership to elevate regulatory science, MDIC develops new approaches and tools for addressing shared challenges among medical device manufacturers, researchers, regulators, payers, patients, and health care providers. MDIC delivers high impact work in the core areas of quality design and manufacturing, evidence generation, digital technology and transformation, and patient engagement. To learn more and explore opportunities to collaborate, visit www.MDIC.org is a non-profit organization focused on advancing medical device development and regulatory science. MDIC convenes stakeholders from industry, academia, government, and the patient community to address critical challenges and accelerate innovation in the medical device field.

More Like This

Coordinated Vulnerability Disclosure (CVD) for Medical Device Cybersecurity Report

Landscape Analysis of 5G in Healthcare

Playbook for Threat Modeling Medical Devices