
Reviewed by Christian Espinosa, MBA, CISSP · Founder & CEO
Published May 2025 · Last reviewed May 2026
The Med Device Cyber Podcast · May 1, 2025
This episode of "The Med Device Cyber Podcast" delves into the evolution of medical device cybersecurity threats, offering essential insights for product security teams, regulatory leads, and engineers. Beginning with historical incidents like the Dick Cheney pacemaker concerns and Barnaby Jack's insulin pump hack, the discussion highlights the early recognition of wireless vulnerabilities in implantable devices. The conversation then transitions to the present, focusing on the FDA's 2026 guidance, which emphasizes designing secure medical devices throughout their entire lifecycle. The episode addresses the significant challenges posed by millions of legacy devices currently in the field and the industry's push for transparency through Software Bill of Materials (SBOMs) to articulate cybersecurity risks. Looking ahead, the episode explores future concerns such as autonomous surgical robots and the dual-edged sword of artificial intelligence in both defending and attacking medical infrastructure. Product security professionals and regulatory specialists will find the discussion on evolving threats, current regulatory landscape, and future considerations invaluable for mitigating risks and ensuring patient safety.
Key Takeaways
- Early medical device hacks, such as those involving pacemakers and insulin pumps, demonstrated critical vulnerabilities in wireless connectivity and the severe patient risks associated with them.
- The FDA's 2026 guidance has shifted the industry towards integrating cybersecurity throughout the entire medical device lifecycle, from design to disposal.
- Addressing the cybersecurity of millions of legacy medical devices in the field remains a significant challenge, requiring ongoing security research and responsible vulnerability disclosure.
- Transparency through Software Bill of Materials (SBOMs) is crucial for device manufacturers to articulate cybersecurity risks to healthcare providers and patients.
- The future of medical device cybersecurity will contend with emerging threats from autonomous surgical robots and the offensive and defensive applications of artificial intelligence.
- Proximity is not a sufficient security control for wireless medical devices, as specialized equipment can enable remote exploitation from significant distances.
Listen on mdcpodcast.com · Watch on YouTube
