Healthcare IT News: Tips on Medical Device Security from the Product Leaders’ Perspective
NetSPI’s medical device security roundtable was featured in Healthcare IT News in an article recapping the virtual event. Read the preview below or read it online here.
+ + +
Medical device innovations have enhanced healthcare and improved patient care, but they present a broad attack surface for healthcare organizations.
NetSPI, a security service company, hosted medical device product security experts to talk about the business and challenges of securing connected technologies in healthcare. They addressed sharing information across teams throughout the product lifecycle, building product security teams, legislative changes governing the space and strategies to increase the pipeline of talent.
Where does product security sit within the enterprise?
Matt Russo, senior director of product security at Medtronic, Curt Blythe, director of product security at Abbott and Matt Weir, principal cybersecurity engineer at MITRE, all agreed that, regardless of where product security teams sit, they need to be partners in product development.
Where it makes sense from a scale and efficiency perspective, there’s one team dedicated to scanning devices as a centralized function with a distributed model, Blythe said.
But the key point is embedding design and security practices into what developers do every day, which ultimately enables them to move fast, “but in a safe way.”
Russo said that at Medtronic, “You can really see that across the landscape.”
While resource restrictions make centralized product security functions more feasible, and they generally work for Medtronic and other large organizations, he said many device companies need to look at the technical aptitude of security teams.
Is product security just a part of what they do?
Weir noted that it’s hard to have a dedicated security team if you have a small product base.
“The big thing though is that you do have that integration during your product development lifecycle,” he said.
When medical device developers try to add cybersecurity later into the process, it makes it much harder to be successful, he added. Weir advised integrating product security as early as possible into the product life cycle, and continuing communication as products evolve.
Product security specialists bring visibility into systems. They can then see how the devices are being used, and they are better positioned to recommend mitigations, he said.
Continue reading at Healthcare IT News: https://www.healthcareitnews.com/news/tips-medical-device-security-product-leaders-perspective