“Smart” but Insecure: Improving Medical Device Cybersecurity

by Daniel Bardenstein

Download Executive Summary

As “smart” medical devices continue to proliferate across the healthcare sector, healthcare organizations have been increasingly targeted by ransomware and other debilitating cyber attacks. These devices are often vulnerable to attacks, potentially allowing malicious hackers to steal patient data, modify medical exam results, or disrupt life-supporting machines. This project proposes that the Food and Drug Administration establish a clear list of cybersecurity requirements for medical devices to receive FDA approval, including the use of Device Query interfaces.

Click below to view various resources for navigating medical device cybersecurity, including two policy briefs proposing new cybersecurity standards and a sample FAQ sheet for the FDA to send to manufacturers and healthcare organizations explaining the minimum standards.


Read the Cyber Baseline Policy Brief
Read the Device Query Interface Policy Brief
Read FAQs about the Device Query Interface