Insights

Field notes from the MedTech security trenches.

Deep dives on FDA expectations, threat modeling, penetration testing, SDLC, and the standards your team is being asked to meet.

Threat Modeling· Jun 25, 2026

TARA for Medical Devices: FDA Premarket Threat Analysis

How Threat Analysis and Risk Assessment (TARA) fits FDA premarket cybersecurity, AAMI TIR57, and ISO 14971 for medical device manufacturers in 2026.

#Threat Modeling#FDA Premarket#Risk Management

Read article

Risk Management· Jun 25, 2026

Design FMEA for Medical Devices: dFMEA, ISO 14971 & Cybersecurity

How to run a design FMEA (dFMEA) for a connected medical device, link it to the ISO 14971 risk file, and hand off cyber-triggered failure modes to the threat model the FDA expects.

#dFMEA#FMEA#ISO 14971

Read article

SPDF· Jun 25, 2026

CI/CD Security Gates for Medical Devices: SPDF in Practice

How to wire SAST, SBOM, secrets, container, and signature gates into a medical-device CI/CD pipeline so the SPDF produces the evidence FDA reviewers expect under the Feb 3, 2026 guidance.

#SPDF#CI/CD#DevSecOps

Read article

Compliance· Jun 23, 2026

FDA Cybersecurity Failure Consequences for Medical Devices

What happens if you fail an FDA cybersecurity inspection: the 483-to-consent-decree enforcement ladder and the commercial fallout for device makers.

#FDA#Postmarket#Enforcement

Read article

Compliance· Jun 23, 2026

Documenting Update Cadence for an FDA 524B Submission

How to document update cadence for an FDA 524B submission: the regular cycle and the out-of-cycle expedited path reviewers expect under 524B(b)(2)(B).

#Section 524B#Premarket#Patching

Read article

Compliance· Jun 23, 2026

Does FDA Section 524B Apply to Legacy Devices?

FDA Section 524B applies to any new premarket submission for a cyber device, including legacy platforms. What attaches, what postmarket rules cover the rest.

#Section 524B#Legacy Devices#Postmarket

Read article

SDLC· Jun 23, 2026

SPDF vs SSDLC: What Medtech Teams Get Wrong

SPDF vs SSDLC for medical devices. Why the FDA's Secure Product Development Framework demands more than a standard Secure SDLC, and what to add.

#Primer

Read article

Pricing· Jun 20, 2026

How Much Does Medical Device Cybersecurity Cost in 2026?

What medical device cybersecurity actually costs in 2026 - the four cost drivers, fixed-fee vs hourly pricing, premarket vs postmarket budget lines, and the cost of delay.

#Pricing#Budget#FDA

Read article

FDA· Jun 18, 2026

SPDF and IEC 62304 Mapping: FDA Cyber Guide

How SPDF activities map to IEC 62304 software lifecycle processes - the exact crosswalk FDA reviewers expect, where they overlap, and where 62304 falls short.

#SPDF#IEC 62304#FDA

Read article

Postmarket· Jun 18, 2026

H-ISAC and Where to Monitor Medical Device Cybersecurity Threats in 2026

The threat intelligence sources medical device manufacturers should monitor to satisfy FDA Section 524B postmarket obligations: H-ISAC, CISA KEV, ICS advisories, NVD, MITRE ATT&CK for ICS, and vendor PSIRTs.

#H-ISAC#Threat Intelligence#CISA KEV

Read article

Compliance· Jun 18, 2026

FDA Section 524B Explained Subsection by Subsection: What Each Requirement Means in 2026

A subsection-by-subsection walkthrough of FDA Section 524B for cyber medical devices: what 524B(a), (b)(1), (b)(2), (b)(3), (b)(4), and (c) require, what artifacts satisfy each, and the deficiency patterns reviewers flag most.

#Section 524B#FDA#Premarket

Read article

Compliance· Jun 18, 2026

CAPA and Medical Device Cybersecurity: Closing the Loop on Vulnerabilities and FDA Deficiencies

How to run CAPA for medical device cybersecurity findings: when a vulnerability or FDA deficiency triggers a CAPA, what evidence closes it, and how the QMSR loop ties to 524B postmarket obligations.

#CAPA#QMSR#FDA

Read article

Ready when you are

Get FDA cleared without the cybersecurity headaches.

30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ FDA submissions.