
Reviewed by Christian Espinosa, MBA, CISSP · Founder & CEO
Published May 2025 · Last reviewed May 2026
The Med Device Cyber Podcast · May 1, 2025
This episode of The Med Device Cyber Podcast delves into the critical cybersecurity risks associated with medical device interoperability. Hosts Christian Espinosa and Trevor Slatterie explore the concept of
Key Takeaways
- A significant risk in interoperability is the "second-order attack," where a vulnerability in one system is exploited to compromise another connected system.
- Manufacturers must prioritize data integrity by rigorously checking and validating all data entering and leaving a medical device to ensure its authenticity and security.
- For medical device manufacturers, carefully considering the extent of control they have over connected components is crucial in determining what falls under their interoperability security responsibilities.
- Restricting physical and logical access to interoperable ports and ensuring proper configuration of third-party platforms like EMR systems and cloud services are essential security measures.
- While proprietary protocols can be useful for novel technologies, leveraging battle-tested, open-source solutions like the DICOM toolkit for standard data transfers is generally preferable due to their proven security and active support.
Interoperability in medical devices introduces unique cybersecurity challenges, especially concerning "second-order attacks," where a compromise in one system can cascade to others. This episode emphasizes the critical need for medical device manufacturers and healthcare delivery organizations (HDOs) to address these risks. Key discussions include the accelerating trend of interoperability in healthcare, driven by the need for consolidated patient data and AI analytics, contrasting with the slower pace of security awareness. The hosts highlight vulnerabilities in widely connected systems, citing examples of misconfigured EMR systems exposed to the internet. For manufacturers, crucial considerations revolve around data integrity - validating all incoming and outgoing data - and securing communication channels like Bluetooth and APIs. The episode also touches on the debate surrounding proprietary protocols versus established open-source solutions like DICOM, advocating for the latter's proven security and widespread adoption. Ultimately, robust cyber hygiene and careful control over external components are presented as paramount for navigating the complex landscape of medical device interoperability.
Listen on mdcpodcast.com · Watch on YouTube
Want help applying this to your own device program?
Blue Goat Cyber is a specialist medical device cybersecurity firm: 250+ FDA submissions, zero rejections. If anything in this conversation hit close to home, book a 30-minute strategy session - no cost, no obligation.
