Skip to content

Medical Device Cybersecurity Survey Report Released

Cybellum released a medical device survey report on April 20, 2022 entitled “Medical Device Cybersecurity: Trends and Predictions.”  The company’s website states that their “mission is to enable manufacturers and their suppliers to develop and maintain products that aren’t just safe, but are also secure.”

According to the company website, in preparing the new report, Cybellum “asked top security experts from hundreds of medical device manufacturers, about their main challenges and how they plan to solve them in 2022, and beyond.”

Cybellum lists the following key findings from the report:

Almost 90% admitted they need to improve on key areas, such as SBOM [software bill of materials] analysis and compliance readiness

Over 55% do not have a dedicated response team (PSIRT) in place

Almost 55% increased their cybersecurity budget by more than 25% in 2022

Other media outlets described the report as finding “widespread cybersecurity noncompliance despite rising investment,” and “[m]ore than half of medical device companies think they are noncompliant with cybersecurity regulations, standards and guidelines.”  Further, “compliance with requirements ranged from 54% for Food and Drug Administration premarket submissions to 37% for International Medical Device Regulators Forum (IMDRF) cybersecurity principles and practices.”

According to MedTechDive, the report states that “[m]ore than 80% of respondents see device security as a competitive advantage and almost every polled company increased its security budget this year. However, 78% of those surveyed indicated they are doing the minimum to achieve compliance and 80% view device security as a ‘necessary evil’ imposed by regulators.”

According to a press release by Cybellum, “[m]edical device cybersecurity has become an extremely complex challenge. With medical devices becoming software-driven machines, and the rapid pace at which cybersecurity risk evolves due to new vulnerabilities, complex supply chains, new suppliers, and new product lines, it has become seemingly impossible to keep the entire product portfolio secure and compliant at all times. It is now more important than ever to learn from peers and try to find the best way forward.”

The full text of the survey report can be found here.

Tags

, , , ,

By using this blog, you agree and understand that no information is being provided in the context of any attorney-client relationship. You further agree and understand that nothing herein is intended to be legal advice. This blog is solely informational in nature, and is not intended as, and should not be used as, a substitute for competent legal advice from a retained and licensed attorney in your state. Knobbe Martens LLP makes no representations or warranties as to the accuracy, completeness, timeliness or availability of the information in this blog. Knobbe Martens LLP will not be liable for any injury or damages relating to your use of, or access to, any such information. Knobbe Martens LLP undertakes no obligation to correct or update information on this blog, which may be incorrect or become incorrect or out of date over time. Knobbe Martens LLP reserves the right to alter or delete content or information on the blog at any time. This blog contains links and references to other websites and publications that you may find of interest. Knobbe Martens LLP does not control, promote, endorse or otherwise have any affiliation with any other websites or publications unless those websites or publications expressly state such an affiliation. Knobbe Martens LLP further has no responsibility for, and makes no representations regarding, the content, accuracy or any other aspect of the information in such websites or publications.
close modal