This summary of medical device manufacturers' (MDMs') proactive response to cybersecurity highlights the collaboration between MDIC and Booz Allen to assess cybersecurity maturity in the medical technology industry. It emphasizes the need for proactive measures and provides recommendations for improvement.
What is the current state of cybersecurity maturity among medical device manufacturers?
The cybersecurity maturity among medical device manufacturers varies, with the industry as a whole showing a low level of maturity. According to the 'Medical Device Cybersecurity Maturity Industry Benchmark Report,' released in October 2022, average Capability Maturity Model Integration (CMMI) scores are as follows: organizational structure, 1.68; risk management, 1.47; design control, 1.42; and complaint handling, 1.47.
What steps are MDMs taking to improve cybersecurity practices?
MDMs are encouraged to enhance their cybersecurity practices by focusing on areas where they scored low, such as briefing organizational leadership on product security policies, assessing third parties for security, establishing end-of-life support dates for third-party components, and remediating medium-to-critical severity vulnerabilities within a recommended 60-day window after discovery.
What challenges do MDMs face in implementing cybersecurity measures?
MDMs face challenges such as a lack of formalized security plans throughout the product lifecycle, with 71% not having these plans in place. Additionally, while 70% report a maturity level of Managed or above regarding security testing during the Design Control phase, a similar percentage indicates they are at an Initiated level or below for critical cybersecurity processes like hardening standards, system patching, and vulnerability scanning.