Penetration testing is considered a best practice for software-based devices that manage sensitive data or provide diagnostics or therapies for patients.  Drawn from practices used in the broader information security industry, there is a need to clearly define its use in regulated medical devices.

The UK National Cyber Security Centre defines penetration testing as: “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary might. ”

Providing information on how these practices should be applied to medical device is the purpose of this project.