Medical Device Penetration Testing

Overview

Penetration testing, or ethical hacking, involves simulating cyber-attacks to identify and address vulnerabilities in systems before malicious actors can exploit them. This practice is crucial for safeguarding sensitive information, ensuring regulatory compliance, and improving overall security posture. For medical devices, penetration testing is especially important to protect patient data, maintain device integrity, and prevent disruptions in healthcare services, thereby enhancing patient safety and system reliability.

Proposed Deliverables

MDIC is developing a best practices framework on key elements of applying penetration testing to medical devices. The framework will cover topics such as:

  • Relationship of penetration testing to software and device validation activities.
  • What are best practices for PenTesting, including when and how often it should be performed?
  • How can penetration testers be driven by threat scenarios?
  • How should the results from a penetration test be treated for device correction and improvement?

PenTesting Members

  • Chris Reed (Lead), Medtronic
  • Dirk de Wit, Philips
  • Jason Herbst, Medtronic
  • Peter Kapelanski, Medtronic
  • Inhel Rekik, Bracco
  • Curtis Blythe, Abbott
  • Matt Hazelett, MedSec
  • David Hingos, Johnson and Johnson
  • Tyrone Heggins, BD
  • Sanket Kamath, Boston Scientific
  • Michelle Jump, MedSec
  • Jessica Wilkerson, FDA

Cybersecurity Resources

MDIC Medical Device Cybersecurity Maturity: Industry Benchmarking Report 2023

Coordinated Vulnerability Disclosure (CVD) for Medical Device Cybersecurity Report

Playbook for Threat Modeling Medical Devices

Join Us!

To learn more, please contact MDIC project manager Noor Falah or program director Jithesh Veetil at cybersecurity@mdic.org.