Cybellum released a survey report about medical device cybersecurity, along with trends and predictions for 2022.
Medical device cybersecurity has become an extremely complex challenge. With medical devices becoming software-driven machines, and the rapid pace at which cybersecurity risk evolves due to new vulnerabilities, complex supply chains, new suppliers, and new product lines, it has become seemingly impossible to keep the entire product portfolio secure and compliant at all times. It is now more important than ever to learn from peers and try to find the best way forward.
In this survey, security experts from hundreds of medical device manufacturers were asked what their main challenges are and how they plan to address them in 2022 and beyond.
Here are some of the interesting things the survey revealed about medical device manufacturers’ security readiness:
- Respondents’ top security challenge is managing a growing set of tools and technologies, partly explained by the lack of high-level ownership
- 75% of respondents noted that they don’t have a dedicated senior manager responsible for device cybersecurity
- Almost 90% admitted they need to improve on key areas, such as SBOM analysis and compliance readiness
- Almost 50% increased their cybersecurity budget by more than 25% in 2022
- More than 55% of medical device manufacturers do not have a dedicated response team (PSIRT) in place
“We embarked on this survey to gain a more comprehensive understanding of the main challenges facing product security teams at medical device manufacturers, as part of our effort to help to better secure the devices,” said David Leichner, CMO at Cybellum. “Some of our findings were quite surprising and highlight serious gaps that exist both in processes for securing medical devices and in regulation compliance.”