A key piece of managing medical device and diagnostic cybersecurity risks is the integration of threat modeling which provides a blueprint to strengthen security through the total product lifecycle of the devices, thereby ensuring improved safety and effectiveness of medical products. In September 2019, FDA awarded funding to MDIC to increase awareness on systematic approaches to threat modeling that can enable manufacturers to effectively address system level risks. Through an FDA funded cybersecurity initiative, MDIC is committed to offer two bootcamps on threat modeling for medical device stakeholders in 2020-21. MDIC has identified and collaborated with over two dozen SMEs on threat modeling – both from MedTech and non-MedTech sector, led by Shostack & Associates, in developing the modules for bootcamps. The first bootcamp was held during Aug 17-21, 2020. The second bootcamp is tentatively scheduled for Feb 2021. The link to apply to the bootcamp is provided at the bottom of this page. This opportunity will be most beneficial if technical professionals participate along with their counterparts on the regulatory side. Although the bootcamp is free of charge to participate, seats are limited. In case of an overwhelming response, MDIC will restrict registration to a maximum of two representatives from each interested company. Selected participants will receive an email confirmation at least 3 weeks ahead of the bootcamp.

In parallel to the bootcamps, MDIC is closely working with MITRE to develop a Medical Device Threat Modeling Playbook to be released in 2021. To learn more about various MDIC cybersecurity initiatives, email us at cybersecurity@mdic.org

Objectives & discussion topics for the MDIC threat modeling bootcamps:

  • Intensive, hands-on sessions on threat modelling.
  • Learn about structured, systematic and comprehensive approach to threat modelling for engineering more secure systems from SMEs from public and private sector.
  • Learn the latest updates on medical device cybersecurity and related areas from representatives of FDA and industry.
  • Networking opportunity with SMEs from MedTech and non-MedTech sectors to learn on cybersecurity best practices that can be incorporated into the medical device industry
  • Contribute to the discussions on the development of Medical Device Threat Modelling Playbook

Who should attend:

  • Technical professionals in the medical device sector working in product development including software development, systems architecture or integration, project management, or documentation management.
  • Regulatory professionals in the medical device public and private sectors.

This opportunity will be most beneficial if technical professionals participate along with their counterparts on the regulatory side. Although the bootcamp is free of charge to participate, seats are limited. In case of an overwhelming response, MDIC will restrict registration to a maximum of two representatives from each interested company. Selected participants will receive an email confirmation at least 3 weeks ahead of the bootcamp. MDIC intends to hold another bootcamp in 2021, check back for details or signup to be notified.