Product safety in the medical device industry is paramount. Without safety measures in place, medical devices, especially connected ones that monitor, collect and transfer patient data, can become vulnerable to threats like cyber attacks. MDIC’s Annual Medical Device Cybersecurity Maturity Industry Benchmark Assessment helps medical device manufacturers further examine their cybersecurity posture and address potential risks across the total product life cycle.
The annual assessment is developed by MDIC in collaboration with the Healthcare and Public Health Sector Coordinating Council (HSCC) and Apraciti.
MDIC will utilize survey findings to create resources to measure maturity over time and enable industry growth through continuous product security enhancements.
*All information provided by participating companies will be kept confidential and withheld from any regulatory or governing bodies. Non-identifiable summaries of the overall findings will be made public as part of the overarching benchmark study.*
The 2024 Cybersecurity Maturity Assessment is open until December 13.
Upon completion of this survey, respondents will receive a high-level report containing the organization’s overall score, sub-score per category (Organization, Risk Management, Design Control & Complaint Handling) and a high-level depiction of current posture relative to industry peers based on the participating pool of Medical Device Manufacturers.
We hope these insights will enable medical device manufacturers of various sizes to better understand and measure their product security programs; to further adopt secure product development processes; and to build more robust, higher-quality medical devices that positively impact public health. While similar maturity models have been used previously by some medical device manufacturers (e.g., OWASP SAMM, CMMI, NIST), this benchmark is a first step toward providing a standardized assessment customized for the medical device industry while building evidence-based data sets for ongoing improvement.
Please note this survey does not provide a certification or attestation and should not be considered a substitute for completing a comprehensive security maturity assessment or for conducting a third-party security audit. Respondents may publicly disclose survey results for marketing purposes but by participating in this survey, each respondent acknowledges and agrees that (1) it will be clearly stated that these survey scores are based on a subjective self-assessment that yielded results which have not been certified by an objective third-party each and every time the respondent publicly discloses the survey scores in any and all media or discloses the scores to a third party, and (2) it will not indicate or imply that the Medical Device Innovation Consortium has certified or attested to the survey results.
For additional support, please contact cybersecurity@mdic.org