Coordinated Vulnerability Disclosure (CVD) for Medical Device Cybersecurity

Some medical device manufacturers have implemented coordinated cybersecurity vulnerability portals and processes as one tool in their overall threat detection and response process. These portals and processes enable manufacturers to receive findings from researchers regarding potential vulnerabilities in a device. However, the majority of medical device manufacturers do not have portals or defined processes to receive these findings and to act on this information in a timely way. MDIC believes that coordinated cybersecurity vulnerability processes and portals are integral to a comprehensive approach to counteract cybersecurity threats.