How organizations can deliver medical device security the care it needs | EY
While many legacy devices designed for patient outcomes perform well clinically, they were not built with cybersecurity in mind and cannot receive the firmware and software updates that are now critical for protecting both devices and data. To protect devices, health care organizations and patient care going forward, manufacturers are adopting a secure by design philosophy in which cybersecurity is integrated into the development lifecycle of medical devices rather than treated as an afterthought. This means balancing clinical performance with security from day one. With this approach, medical device manufacturers and health care providers do not have to choose between patient outcomes and cyber protection: they can and must deliver both. Risk, exposure and possible threats are considered in the design process alongside the practical, functional requirements of patient care.
Suggested measures for regulatory compliance
Given guidance from the Food and Drug Administration (FDA), released in June 2025, along with Health Insurance Portability and Accountability Act (HIPAA) regulations related to data protection and patient privacy, organizations should continue to establish or refine product security capabilities across three dimensions: people, process and technology. Steps include:
- Improving accountability for product security by establishing a qualified, skilled and central function that embeds security advocates within the product and device development teams to provide strategy, oversight and management of vulnerabilities and responses. This function systemizes security enhancements and maintains central control.
- Using a post-deployment customer support function to formally integrate medical device security and privacy considerations into post-deployment activities, including checklists for decommissioning connected products or transferring ownership.
- Clarifying roles and responsibilities across multiple functional areas, including product management, supply chain, manufacturing, commercial sales, marketing, field services and customer support as well as legal, regulatory and information technology.
- Tracking the medical device lifecycle to provide a single source of truth for cyber-relevant product information, automated processes to maintain inventory, and insight into compliance with product security deliverables. This enables informed business decisions around compliance and product security deliverables; helps to manage conversions; and supports better compliance, FDA reporting, and incident management times and procedures.
- Establishing software bills of materials (SBOMs) to control sourcing, quality and security of third-party parts and materials for secure device design.
- Implementing continuous product improvement of security capabilities by conducting periodic cyber and product security program assessments to guide further action and the adjustment of risk profiles.
Technical steps to enhance device security
As health care organizations implement the measures necessary to evolve medical device design and development processes for improved compliance, the following required steps across the people, process and technology dimensions should be considered: