Cybellum released a medical device survey report on April 20, 2022, entitled “Medical Device Cybersecurity: Trends and Predictions.” The company’s website states that its “mission is to enable manufacturers and their suppliers to develop and maintain products that aren’t just safe, but are also secure.”
According to the company website, in preparing the new report, Cybellum “asked top security experts from hundreds of medical device manufacturers, about their main challenges and how they plan to solve them in 2022, and beyond.”
Cybellum lists the following key findings from the report:
Almost 90% admitted they need to improve on key areas, such as SBOM [software bill of materials] analysis and compliance readiness
Over 55% do not have a dedicated response team (PSIRT) in place
Almost 55% increased their cybersecurity budget by more than 25% in 2022
Other media outlets described the report as finding “widespread cybersecurity noncompliance despite rising investment,” noting that “[m]ore than half of medical device companies think they are noncompliant with cybersecurity regulations, standards and guidelines.” Further, “compliance with requirements ranged from 54% for Food and Drug Administration premarket submissions to 37% for International Medical Device Regulators Forum (IMDRF) cybersecurity principles and practices.”
According to MedTechDive, the report states that “[m]ore than 80% of respondents see device security as a competitive advantage and almost every polled company increased its security budget this year. However, 78% of those surveyed indicated they are doing the minimum to achieve compliance and 80% view device security as a ‘necessary evil’ imposed by regulators.”
According to a press release by Cybellum, “[m]edical device cybersecurity has become an extremely complex challenge. With medical devices becoming software-driven machines, and the rapid pace at which cybersecurity risk evolves due to new vulnerabilities, complex supply chains, new suppliers, and new product lines, it has become seemingly impossible to keep the entire product portfolio secure and compliant at all times. It is now more important than ever to learn from peers and try to find the best way forward.”
The full text of the survey report can be found here.