The authors of Medical Device Cybersecurity for Engineers and Manufacturers explain the need to secure medical devices in the market today:
The medical device industry was the first industry to be regulated to produce secure embedded devices, which left manufacturers in the odd position of being trailblazers in what is often unfamiliar territory. Secure development has nothing in common with the practice of medicine; instead, it has everything to do with subtlety of design, quality of implementation, the right testing strategy, understanding the threat landscape, and awareness of potential attack vectors used by malicious actors. How to balance these concerns with the creation of a new medical device is the overriding topic of our new book, Medical Device Cybersecurity for Engineers and Manufacturers.
Approaches for incorporating secure development practices into the development lifecycle have not been taught in traditional educational programs until very recently. Models and best practices specific to the medical device environment have not been available. There are many domestic and international standards for securing medical devices (and IoT in general). However, these guidelines are not harmonized and do not provide sufficient details to successfully implement such a program; in other words, they provide the “what” but not the “how.”
Lack of training and matured resources for all levels of engineers, project managers, and senior leadership is a critical shortfall. It has been difficult for medical device manufacturers (MDMs) to produce proactively secured devices and to constructively engage with regulators and potential customers about cybersecurity.
Recognizing these challenges, and after a long history of working with MDMs and healthcare delivery organizations (HDOs), we were inspired to author Medical Device Cybersecurity for Engineers and Manufacturers. Our book provides guidance on how to adopt a secure medical device lifecycle that is repeatable, maintainable, produces the right artifacts needed for regulatory submission, and actually improves the security standing of the individual medical device as well as the larger device ecosystem. We’re very pleased to be able to offer it now!