The Annual MDIC Medical Device Cybersecurity Maturity Industry Benchmarking evaluates the cybersecurity posture of medical device manufacturers (MDMs) against established rubrics through a free, online assessment. This industry Benchmark Assessment helps MDMs further examine their cybersecurity posture and address potentials risks across the total product life cycle.
The annual assessment is developed by MDIC in collaboration with Healthcare and Public Health Sector Coordinating Council (HSCC), and Apraciti.
Participating MDMs get an instant report that provides valuable insights into potential vulnerabilities, benchmark performance against peers, and areas to strengthen cybersecurity. MDIC publishes a compiled and anonymized findings annually, to establish industry benchmarks and enhance device security.
*All information provided by participating companies will be kept confidential and withheld from any regulatory or governing bodies. Non-identifiable summaries of the overall findings will be made public as part of the overarching benchmark study.*
2024 Cybersecurity Maturity Assessment is open until January 17th, 2025.
Upon completion of this survey, respondents will receive a high-level report containing the organization’s overall score, sub-score per category (Organization, Risk Management, Design Control & Complaint Handling) and a high-level depiction of current posture relative to industry peers based on the participating pool of Medical Device Manufacturers.
We hope these insights will enable medical device manufacturers of various sizes to better understand and measure their product security programs; to further adopt secure product development processes; and to build more robust, higher quality, medical devices that positively impact public health. While similar maturity models have been used previously by some medical device manufacturers (e.g., OWASP SAMM, CMMI, NIST), this benchmark is a first step to provide a standardized assessment custom to the medical device industry while building evidence-based data sets for on-going improvement.
Please note this survey does not provide a certification or attestation and should not be considered a substitute for completing a comprehensive security maturity assessment or for conducting a third-party security audit. Respondents may publicly disclose survey results for marketing purposes but by participating in this survey, each respondent acknowledges and agrees that (1) it will be clearly stated that these survey scores are based on a subjective self-assessment that yielded results which have not been certified by an objective third-party each and every time the respondent publicly discloses the survey scores in any and all media or discloses the scores to a third party, and (2) it will not indicate or imply that the Medical Device Innovation Consortium has certified or attested to the survey results.
For additional support, please contact cybersecurity@mdic.org