If you’ve ever onboarded a connected medical device into a hospital network, you’ve seen it: a MAC address like 00:1A:2B:3C:4D:5E. It shows up in DHCP reservations, switch port logs, wireless controllers, asset inventories, and “why won’t this device connect?” troubleshooting.
So why are MAC addresses written in hexadecimal instead of decimal or binary? Because hex is the most readable way to display the device’s underlying binary identifier—and it maps cleanly to how networking hardware represents bytes.
What a MAC address is (quick refresher)
A MAC address is a Layer 2 identifier used in Ethernet and many Wi-Fi workflows to label the source and destination of frames on a local network segment. In the classic form, it’s a 48-bit value (6 bytes) often referred to as EUI-48 / MAC-48.
IEEE registration guidance describes these identifiers and how they’re represented as octets in hex (e.g., “AC-DE-48”). That “pairs of hex digits” style is not random—it’s intentional. IEEE RA guidelines for EUI/OUI/CID
Why hexadecimal is used
Hexadecimal (base-16) is used because it’s a compact way to represent binary data:
- 1 hex digit = 4 bits
- 2 hex digits = 1 byte (8 bits)
- A 48-bit MAC address = 6 bytes = 12 hex digits
That’s why MAC addresses are commonly displayed as six “byte pairs,” like 00:1A:2B:3C:4D:5E. Cisco’s networking texts explain this mapping clearly: Ethernet (MAC) addresses are represented in hex because it’s readable and aligns with the underlying bits and bytes. Cisco Press: MAC addresses and hexadecimal
Why not decimal (or why you don’t want to read MACs in base-10)
You could represent 48 bits in decimal, but it becomes long and error-prone. Hex is the practical middle ground:
- Compact (12 characters instead of a long decimal number)
- Byte-aligned (you can “see” the 6 bytes)
- Easy to convert back to binary when validating protocol fields
OUIs: what the “first part” of a MAC address often tells you
Many MAC addresses begin with an organizational identifier commonly called an OUI (Organizationally Unique Identifier). IEEE assigns these identifiers, and manufacturers use them as the prefix for generating globally unique EUI-48 values. IEEE RA EUI/OUI/CID guidelines
MedTech reality: OUIs can be useful in troubleshooting (“does this look like our NIC module vendor?”), but they’re not a security control and they’re not proof of identity.
Why this matters for medical device cybersecurity (the part hospitals and FDA reviewers care about)
Knowing why MAC addresses are hex is nice. Knowing how MAC addresses behave in real environments is what reduces cybersecurity and deployment friction.
1) Network onboarding and support: be precise in labeling and docs
Hospitals and integrators commonly use MAC addresses for operational tasks like:
- DHCP reservations
- Switchport identification
- Wireless controller enrollment
- Asset inventory correlation
What manufacturers can do: publish MAC addresses consistently in device labeling, IFU/installation docs, and support procedures. State the exact format you display (colons vs hyphens vs none), and avoid mixing formats across UI screens and PDFs.
If you’re building FDA-facing cybersecurity labeling, make sure interfaces and network dependencies are documented cleanly (including what the customer needs to configure securely). Medical device cybersecurity labeling requirements
2) MAC address ≠ identity (don’t use it as “authentication”)
MAC addresses can often be changed in software (spoofed). That means MAC-based allowlisting can help with basic operations, but it should not be your “security boundary” for preventing unauthorized access.
Better approach for higher assurance:
- Use strong authentication (certificates/mTLS where feasible)
- Segment networks to limit blast radius
- Restrict outbound destinations (egress allowlisting)
- Monitor for new or unusual devices/traffic patterns
For manufacturers, these choices belong in your security architecture and threat model evidence—not just in a hospital “best effort” network guide.
3) Asset inventory and incident response: MAC is a useful clue
In investigations, MAC addresses are often used to correlate:
- A physical port or access point association
- Time-based DHCP lease history
- Observed network conversations (pcaps, logs)
This is one reason medical device teams should understand MAC notation and how it appears across tools—especially when different systems display the same MAC differently.
Common MAC address formats you’ll see in the field
These formats represent the same underlying bytes:
- Colon-separated: 00:1A:2B:3C:4D:5E
- Hyphen-separated: 00-1A-2B-3C-4D-5E
- No separators: 001A2B3C4D5E
If your support team works with hospitals, it’s worth including a one-liner in your documentation: “MAC addresses may appear with different separators; the value is the same.”
Key takeaways
- MAC addresses are shown in hexadecimal because hex maps cleanly to binary: 1 hex digit = 4 bits, so a 48-bit MAC becomes 12 hex digits.
- IEEE’s EUI/OUI guidance explains the octet-based hex representation used across networking tools.
- In MedTech deployments, MAC addresses are operationally important for onboarding and troubleshooting—but MAC is not strong identity and should not be treated as authentication.
- Standardizing MAC address presentation in labeling and documentation reduces hospital integration friction.
FAQs
Why are MAC addresses written in hexadecimal instead of binary?
Hex is a compact, human-readable way to represent binary data. Because 1 hex digit equals 4 bits, a 48-bit MAC address can be shown as 12 hex digits (six byte pairs). Cisco Press reference
What is the standard length of a MAC address?
The classic Ethernet MAC address is typically 48 bits (6 bytes), often referred to as EUI-48 / MAC-48. IEEE RA guidance
What is an OUI in a MAC address?
An OUI is an organizational identifier assigned through IEEE registration processes and commonly used as the prefix for generating unique EUI-48 identifiers. IEEE RA guidance
Can attackers spoof a MAC address?
Often, yes. Many operating systems allow MAC addresses to be changed in software. Treat MAC addresses as operational identifiers (inventory/troubleshooting), not as a strong security credential.
Do MAC addresses matter for FDA medical device cybersecurity?
MAC addresses themselves aren’t “the control,” but they show up in real deployments, secure configuration guidance, and troubleshooting. FDA-aligned evidence typically focuses on secure-by-design controls (auth, encryption, least privilege, logging, secure updates) and clear documentation of interfaces and network dependencies. Cybersecurity labeling guidance
Why do different tools show the same MAC in different formats?
Some tools use colons, others use hyphens, and some remove separators. The underlying bytes are the same. Normalizing format in your documentation reduces configuration errors.
Conclusion
MAC addresses are written in hex because it’s the simplest way for humans to work with a 48-bit binary identifier. For medical device manufacturers, the bigger win is operational: document MAC information consistently, expect format differences in customer tools, and never treat MAC as your security boundary.
Book a Discovery Session
If you want help translating network realities (interfaces, segmentation, onboarding steps, logging) into FDA-ready cybersecurity evidence, we can help.