Healthcare IT News: Tips on Medical Device Security from the Product Leaders’ Perspective
NetSPI’s medical device security roundtable was featured in Healthcare IT News in an article recapping the virtual event. Read the preview below or read it online here.
+ + +
Medical device innovations have enhanced healthcare and improved patient care, but they present a broad attack surface for healthcare organizations.
NetSPI, a security service company, hosted medical device product security experts to talk about the business and challenges of securing connected technologies in healthcare. They addressed sharing information across teams throughout the product lifecycle, building product security teams, legislative changes governing the space and strategies to increase the pipeline of talent.
Where does product security sit within the enterprise?
Matt Russo, senior director of product security at Medtronic, Curt Blythe, director of product security at Abbott and Matt Weir, principal cybersecurity engineer at MITRE, all agreed that, regardless of where product security teams sit, they need to be partners in product development.
Where it makes sense from a scale and efficiency perspective, there’s one team dedicated to scanning devices as a centralized function with a distributed model, Blythe said.
But the key point is embedding design and security practices into what developers do every day, which ultimately enables them to move fast, “but in a safe way.”
Russo said that at Medtronic, “You can really see that across the landscape.”
While resource restrictions make centralized product security functions more feasible, and they generally work for Medtronic and other large organizations, he said many device companies need to look at the technical aptitude of security teams.
Is product security just a part of what they do?
Weir noted that it’s hard to have a dedicated security team if you have a small product base.
“The big thing though is that you do have that integration during your product development lifecycle,” he said.
When medical device developers try to add cybersecurity later into the process, it makes it much harder to be successful, he added. Weir advised integrating product security as early as possible into the product life cycle, and continuing communication as products evolve.
Product security specialists bring visibility into systems. They can then see how the devices are being used, and they are better positioned to recommend mitigations, he said.
Continue reading at Healthcare IT News: https://www.healthcareitnews.com/news/tips-medical-device-security-product-leaders-perspective
Explore More News
VM Blog: Five Security Shifts that Will Define 2026
Joe Evangelisto outlines several critical shifts demanding executive attention. As organizations move from open AI experimentation to governed application, leaders must implement safeguards to manage data exposure and ensure system integrity.
DataCenter Knowledge: Defending at Scale – The Importance of People in Data Center Security
As the demand for AI, cloud computing, and digital infrastructure drives rapid data center expansion, the importance of robust security measures has never been greater. In a recent conversation, Dalin highlights why human factors remain central to effective data center security, even in an era of advanced technology.
Security Week: Exploring AI-Assisted Social Engineering Attacks to Help Prepare Leaders for What Lies Ahead in 2026
SecurityWeek interviewed NetSPI’s Director of Social Engineering, Patrick Sayler, for Cyber Insights 2026 exploring AI-assisted social engineering attacks to help prepare leaders for what lies ahead in 2026.