Cybersecurity Threat Modeling

Overview

A key piece of managing medical device and diagnostic cybersecurity risks is the integration of threat modeling (TM). TM provides a blueprint to strengthen security throughout the total product lifecycle of the devices, thereby ensuring improved safety and effectiveness of medical products. Threat modeling must be used to systematically identify, evaluate, and prioritize potential security threats and vulnerabilities in order to enhance the overall risk management and defense strategy of medical devices.

In 2019, FDA awarded funding to MDIC to increase awareness of systematic approaches to TM that can enable manufacturers to effectively address system-level risks. MDIC delivered multiple bootcamps on TM for medical device stakeholders. MDIC collaborated with over two dozen SMEs on threat modeling, from both the MedTech and non-MedTech sectors and led by Shostack & Associates, in developing the modules for the bootcamps. The selected participants included both technical professionals working in the product development sector and regulatory professionals in the medical device public and private sectors.

In parallel to the bootcamps, MDIC and MITRE collaboratively developed the Playbook for Threat Modeling Medical Devices.

Read the Threat Modeling Playbook

Threat Modeling Bootcamp

Intensive, hands-on sessions on threat modeling.

Learning a structured, systematic and comprehensive approach to threat modeling for engineering more secure systems, from SMEs in the public and private sectors.

Networking opportunities with SMEs from the MedTech and non-MedTech sectors to learn about cybersecurity best practices that can be incorporated into the medical device industry.

To learn more about participating in a TM Bootcamp, please contact the MDIC Cybersecurity team at cybersecurity@mdic.org.

Threat Modeling Working Group Members

Melissa P Chase, MITRE

Steve Christey Coley, MITRE

Stephanie Domas, MedSec

Matt Hazelett, MedSec

Brian Fitzgerald, FDA

Nicholas Gerteisen, Smith + Nephew

Sean Harrington, Abbott

Tyrone Heggins, BD

Daniel Heppner, Roche

Iacovos (Jake) Kyprianou, FDA

Tara Larson, Abbott

Ashley Mancuso, Johnson and Johnson

Charles Martinez, Beckman Coulter

Colin Morgan, Apraciti

Chris Reed, Medtronic

Sudar Shields, Boston Scientific

Adam Shostack, Shostack + Associates

Lisa Simone, FDA

Daniel Speck, Roche

Scott Van Eps, Beckman Coulter

Eugene Vasserman, Kansas State University

Matt Weir, MITRE

Charles Wilson, Motional

Beau Woods, I am the Cavalry

Margie Zuk, MITRE

Cybersecurity Resources

MDIC Medical Device Cybersecurity Maturity: Industry Benchmarking Report 2023

Playbook for Threat Modeling Medical Devices

Coordinated Vulnerability Disclosure (CVD) for Medical Device Cybersecurity Report