Medical Device Penetration Testing
Overview
Penetration testing, or ethical hacking, involves simulating cyber-attacks to identify and address vulnerabilities in systems before malicious actors can exploit them. This practice is crucial for safeguarding sensitive information, ensuring regulatory compliance, and improving overall security posture. For medical devices, penetration testing is especially important to protect patient data, maintain device integrity, and prevent disruptions in healthcare services, thereby enhancing patient safety and system reliability.
Proposed Deliverables
MDIC is developing a best practices framework on key elements of the application of penetration testing to medical devices. The framework will cover topics such as:
- Relationship of penetration testing to software and device validation activities.
- What are best practices for PenTesting, including when and how often it should be performed?
- How can penetration testers be driven by threat scenarios?
- How should the results from a penetration test be treated for device correction and improvement?
PenTesting Members
- Chris Reed (Lead), Medtronic
- Dirk de Wit, Philips
- Jason Herbst, Medtronic
- Peter Kapelanski, Medtronic
- Inhel Rekik, Bracco
- Curtis Blythe, Abbott
- Matt Hazelett, MedSec
- David Hingos, Johnson and Johnson
- Tyrone Heggins, BD
- Sanket Kamath, Boston Scientific
- Michelle Jump, MedSec
- Jessica Wilkerson, FDA
Cybersecurity Resources
MDIC Medical Device Cybersecurity Maturity: Industry Benchmarking Report 2023
Coordinated Vulnerability Disclosure (CVD) for Medical Device Cybersecurity Report
Playbook for Threat Modeling Medical Devices
Join Us!
To learn more, please contact MDIC project manager Noor Falah or program director Jithesh Veetil at cybersecurity@mdic.org.