Insights

Field notes from the MedTech security trenches.

Deep dives on FDA expectations, threat modeling, penetration testing, SDLC, and the standards your team is being asked to meet.

All (360)Primer (127)Podcast (70)FDA (46)Risk (19)Testing (14)Networking (11)Standards (11)Pen Testing (10)Identity & Access (8)Best Practices (7)IoT (6)AI & ML (5)Cryptography (5)Lifecycle (5)Quality (3)SDLC (3)Strategy (3)Threat Modeling (3)Web Security (2)Audits (1)Threat Intel (1)

Showing 12 of 360 articles · Page 24 of 30

Testing· Feb 23, 2024

Hardware Hacking Tools for Medical Device Cybersecurity Testing

A practical, authorized toolkit for medical device hardware security testing - RFID, SDR, Wi-Fi, HID, and lab essentials - plus FAQs.

#Testing

Read article

Primer· Feb 23, 2024

Understanding Threats to Medical Devices

Updated October 26, 2024 One of the hardest parts of the security process is the initial discovery phase of understanding what could go wrong. Cyber threats are constantly changing, with old attacks slowly becoming less common while new attacks rapidly pop up. Modern attack techniques target new tec

#Primer

Read article

Risk· Feb 22, 2024

WPA2 4-Way Handshake Vulnerabilities: What Medical Device Teams Need to Know About Wi-Fi Risk

Understand WPA2’s 4-way handshake, real risks like KRACK and weak passphrases, and practical mitigations for connected medical device Wi-Fi ecosystems.

#Risk #Networking

Read article

Primer· Feb 22, 2024

SUID Attacks in Medical Devices: Linux Privilege Escalation + Defenses

Learn how SUID attacks enable privilege escalation on Linux-based medical devices and how to prevent them with hardening, monitoring, and testing.

#Primer

Read article

Identity & Access· Feb 19, 2024

ACLs for Medical Device Cybersecurity: Access Control Guide

Use ACLs to enforce least privilege across device, cloud, and hospital networks - and produce FDA 524B-ready cybersecurity evidence.

#Identity & Access

Read article

Pen Testing· Feb 19, 2024

Non-Executable Stacks (NX/DEP) in Medical Devices: Preventing Buffer Overflow Exploits

Learn how non-executable stacks (NX/DEP) reduce buffer overflow risk in medical device software, plus practical implementation and verification guidance.

#Pen Testing

Read article

Networking· Feb 18, 2024

DNS Exfiltration in Medical Device Environments: Detection and Prevention

DNS exfiltration can bypass controls by hiding data in DNS queries. Learn detection signals and mitigations for medical device and healthcare networks.

#Networking

Read article

Primer· Feb 16, 2024

MDSAP Simplifies International Compliance

Explore how the Medical Device Single Audit Program (MDSAP) streamlines international compliance for medical devices.

#Primer

Read article

Standards· Feb 16, 2024

IMDRF: Harmonizing Med Device Regulations

Discover how the International Medical Device Regulators Forum (IMDRF) is working towards harmonizing global regulations for medical devices.

#Standards

Read article

Primer· Feb 16, 2024

What Is IMEI? The Unique Identifier for Cellular-Connected Medical Devices

What is an IMEI and why it matters for cellular-connected medical devices: inventory, incident response, lost/stolen playbooks, and common pitfalls.

#Primer

Read article

Risk· Feb 15, 2024

VM Escape in Medical Device Cybersecurity: Risk and Mitigations

VM escape breaks VM isolation to reach the host or hypervisor. Learn MedTech scenarios, controls, and evidence for FDA-aligned security.

#Risk

Read article

Pen Testing· Feb 15, 2024

Post-Exploitation Frameworks in MedTech: What Defenders Need

Learn what post-exploitation frameworks (like Empire) mean for medical device cybersecurity - plus detection priorities, controls, and testing guidance.

#Pen Testing

Read article

Ready when you are

Get FDA cleared without the cybersecurity headaches.

30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ submissions.

Book strategy session Explore services