    Blue Goat Cyber · Medical Device Cybersecurity
    MedTech segment · Respiratory / Ventilation

    Respiratory & Ventilation Devices cybersecurity.

    Cybersecurity for ventilators, CPAP/BiPAP, oxygen concentrators, and connected respiratory therapy.

    Overview

    What we mean by respiratory / ventilation.

    Ventilators and respiratory therapy devices sit on a safety-critical control loop where a compromised setpoint can directly affect oxygenation. The Philips Respironics recalls and the ICU/home-vent connectivity push have moved this segment to the top of the FDA's postmarket scrutiny list. We deliver premarket and postmarket cybersecurity packages tuned to the ventilator-to-clinical-network path, the home/cloud telemetry backhaul, and the long service life of deployed capital respiratory equipment.

    Threat surface

    Cyber risks specific to respiratory / ventilation.

    Setpoint and alarm-tampering paths

    Tidal volume, PEEP, FiO2, and alarm-threshold writes are safety-critical state - any path that can modify them (touchscreen service mode, clinical network, USB service port, cloud) must be authenticated, integrity-protected, and audited.
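As an added example (not Blue Goat Cyber's code or any vendor's firmware), here is what an authenticated, integrity-protected and audited setpoint-write path can look like on the device side. The setpoint names, clinical bounds, roles and command format are assumptions, and the shared-key HMAC stands in for whatever signature scheme a real interface uses.

```python
import hashlib
import hmac
import json

# Assumed clinical bounds per setpoint; a real device takes these from its labelling.
LIMITS = {
    "tidal_volume_ml": (50, 2000),
    "peep_cmh2o": (0, 30),
    "fio2_pct": (21, 100),
    "alarm_high_pressure_cmh2o": (10, 80),
}
WRITE_ROLES = {"clinician"}  # assumed: service mode may read setpoints but not write them


class SetpointController:
    """Accepts a write only if authentic, fresh, authorized and in bounds; audits every attempt."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key      # demo uses a shared HMAC key; across trust boundaries use signatures
        self._last_seq = 0          # replay protection: sequence numbers must strictly increase
        self.state = {name: lo for name, (lo, _hi) in LIMITS.items()}
        self.audit = []             # append-only audit trail of accepted and rejected writes

    def _mac(self, body: dict) -> str:
        # MAC over a canonical encoding so field reordering cannot change the tag.
        canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, canon, hashlib.sha256).hexdigest()

    def sign(self, body: dict) -> dict:  # trusted-sender side, e.g. the authenticated bedside UI session
        return {"body": body, "mac": self._mac(body)}

    def apply(self, cmd: dict) -> tuple:
        """Validate one write command; returns (accepted, reason). Authentication runs first."""
        body, tag = cmd.get("body", {}), cmd.get("mac", "")
        if not hmac.compare_digest(self._mac(body), tag):
            return self._reject(body, "bad_mac")
        seq = body.get("seq")
        if not isinstance(seq, int) or seq <= self._last_seq:
            return self._reject(body, "replay")
        if body.get("role") not in WRITE_ROLES:
            return self._reject(body, "unauthorized_role")
        name, value = body.get("setpoint"), body.get("value")
        if name not in LIMITS:
            return self._reject(body, "unknown_setpoint")
        lo, hi = LIMITS[name]
        if isinstance(value, bool) or not isinstance(value, (int, float)) or not lo <= value <= hi:
            return self._reject(body, "out_of_bounds")
        self._last_seq = seq
        self.state[name] = value
        self.audit.append(("accepted", seq, body.get("actor"), name, value))
        return True, "ok"

    def _reject(self, body: dict, reason: str) -> tuple:
        self.audit.append(("rejected", body.get("seq"), body.get("actor"), body.get("setpoint"), reason))
        return False, reason
```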

    Hospital-network and biomed-tool exposure

    Ventilators live on flat clinical VLANs alongside biomed laptops and vendor service tools - the threat model must treat the hospital network as hostile and document compensating controls.

    Home/cloud backhaul for chronic respiratory therapy

    CPAP/BiPAP and home-vent cloud platforms ingest adherence and pressure data from millions of devices - multi-tenant authorization, fleet-management abuse, and patient-portal account takeover are recurring findings.

    Long capital lifetimes with EOL OS components

    Embedded Windows/Linux versions inside vents commonly go EOL mid-deployment - the postmarket plan must document compensating controls and a defensible patch cadence.

    Attack surface


    Respiratory & ventilation attack surface

    Ventilators and respiratory platforms span the bedside touchscreen, the clinical VLAN, vendor remote-service tooling, and increasingly a cloud backhaul carrying adherence and pressure data from millions of home devices. Setpoint and alarm integrity is the safety-critical state every layer has to protect.

    1. Cloud fleet & adherence platform
    2. Cellular / Wi-Fi backhaul (home)
    3. Hospital clinical VLAN
    4. Vendor remote-service tooling
    5. Ventilator touchscreen / service mode
    6. USB / service port
    7. Ventilator firmware (setpoints, alarms)

    Layers shown outermost (top) to innermost (bottom).

    Real-world attacks

    Notable real-world attacks & threat scenarios.

    Ventilator and respiratory-platform incidents combine documented network-stack disclosures (URGENT/11), monitor-side advisories that affected vent-adjacent platforms, and the broader pattern of long-tenure capital equipment running EOL embedded operating systems on flat clinical VLANs.

    Historical incidents

    • URGENT/11 across vent and anesthesia ecosystems (2019)

      The October 2019 URGENT/11 disclosure covered eleven vulnerabilities in the VxWorks IPnet TCP/IP stack used across many connected ventilators, anesthesia workstations, and patient monitors. The FDA Safety Communication directed manufacturers across these categories to assess and disclose exposure.

      FDA Safety Communication, Oct 1 2019 · CISA ICSMA-19-274-01

    • GE Aestiva and Aespire anesthesia machines (2019)

      ICS-CERT advisory ICSMA-19-190-01 disclosed CVE-2019-10966 in GE Aestiva and Aespire anesthesia workstations - on serial-to-Ethernet terminal-server deployments, an attacker on the connected network could silence alarms, alter device parameters, and modify the time and date.

      CISA ICSMA-19-190-01 · CVE-2019-10966

    • Connected respiratory-platform cloud advisories

      Multiple connected CPAP/BiPAP and home-vent platforms have disclosed cloud-platform incidents affecting adherence and pressure data at fleet scale. Reviewers cite these patterns when evaluating multi-tenant cloud architectures supporting respiratory therapy.

    Active threat scenarios

    • Unauthenticated setpoint write over the clinical network

      Service or management protocols exposed on the clinical VLAN that permit tidal volume, PEEP, FiO2, or alarm-threshold writes without strong authentication are a direct patient-safety hazard.

    • Cloud fleet-management command abuse

      Compromise of the home-platform fleet-management plane can affect settings, OTA payloads, or telemetry across many patient devices simultaneously - segmentation, signed updates, and anti-rollback are the controls reviewers expect to see exercised.

    • Vendor remote-service tunnel compromise

      Vendor service tunnels and biomed-laptop service workflows have been entry points into capital respiratory equipment - the postmarket plan must address them as a continuous surface.

    • EOL embedded OS exploitation mid-deployment

      Embedded OS components reach EOL while ventilators stay in service; the absence of a documented per-generation compensating-controls plan is a deficiency-letter pattern.
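The fleet-management scenario above and the signed-update requirement come down to device-side checks that a compromised fleet plane cannot bypass. This added example (not Blue Goat Cyber's or any vendor's code) verifies a signed update manifest with model binding, cohort-gated staged rollout, anti-rollback and image-hash checks; the manifest format, key and cohort names are assumptions, and the HMAC stands in for the asymmetric signature a production fleet would use.

```python
import hashlib
import hmac
import json


def _mac(key: bytes, manifest: dict) -> str:
    # MAC over a canonical encoding; production fleets use an asymmetric signature so the
    # verify key present on millions of devices cannot be used to forge manifests.
    canon = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def make_signed_manifest(key: bytes, model: str, version: tuple, image: bytes, cohorts: list) -> dict:
    """Fleet-server side (assumed format): bind image hash, target model, version and cohorts."""
    manifest = {
        "model": model,
        "version": list(version),
        "image_sha256": hashlib.sha256(image).hexdigest(),
        "cohorts": cohorts,        # staged rollout: which device cohorts may install this build
    }
    return {"manifest": manifest, "mac": _mac(key, manifest)}


class UpdateVerifier:
    """Device side: every check must pass before the image is written to flash."""

    def __init__(self, verify_key: bytes, model: str, installed: tuple, cohort: str):
        self._key = verify_key
        self.model = model
        self.version = installed      # anti-rollback floor, e.g. (3, 2, 0)
        self.cohort = cohort

    def check(self, signed: dict, image: bytes) -> tuple:
        m = signed.get("manifest", {})
        if not hmac.compare_digest(_mac(self._key, m), signed.get("mac", "")):
            return False, "bad_signature"          # nothing in m is trusted past this point
        if m.get("model") != self.model:
            return False, "wrong_model"
        if self.cohort not in m.get("cohorts", []):
            return False, "not_in_cohort"
        if tuple(m.get("version", [])) <= self.version:
            return False, "rollback"                # equal or older version is refused
        if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), m.get("image_sha256", "")):
            return False, "image_hash_mismatch"
        return True, "ok"

    def install(self, signed: dict, image: bytes) -> tuple:
        ok, reason = self.check(signed, image)
        if ok:
            self.version = tuple(signed["manifest"]["version"])  # raise the floor only after success
        return ok, reason
```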

    What FDA reviewers cite

    Reviewer talking points from these incidents

    • URGENT/11 disclosure status for any included third-party network stack
    • Positive evidence of authentication and integrity on every path that can modify setpoints or silence alarms (Aestiva/Aespire reference)
    • Multi-tenant cloud tenant separation, BOLA testing, and fleet-management abuse coverage
    • Per-generation EOL embedded-OS compensating-controls plan in the postmarket submission

    Top concerns

    Top cybersecurity concerns for respiratory / ventilation.

    Ventilation is the canonical safety-critical control loop in medicine - a compromised tidal volume, PEEP, or alarm setpoint can produce direct patient harm at fleet scale across ICU, OR, and home settings.

    • Unauthenticated write paths to tidal volume, PEEP, FiO2, and alarm setpoints
    • Flat clinical VLAN exposure of ventilator service ports and management protocols
    • Cellular/Wi-Fi backhaul from home CPAP/BiPAP and home-vent platforms without certificate pinning
    • Multi-tenant cloud BOLA on adherence and pressure data across millions of devices
    • Fleet-management abuse paths that can change settings on many devices simultaneously
    • Embedded Windows/Linux components going EOL inside long-tenure capital ventilators
    • Vendor remote-service tooling and biomed-laptop service paths
    • Anesthesia-workstation gas-delivery and vaporizer-control integrity

    Operational challenges

    Where respiratory / ventilation teams get stuck.

    Setpoint integrity across every modification path

    Touchscreen service mode, clinical-network protocols, USB service port, and cloud paths all need to be enumerated and tested - missing any one is a deficiency reviewers will flag.

    Home network as hostile environment

    Home vents and CPAP/BiPAP live on consumer Wi-Fi with no IT staff; the device has to be safe by default and the cloud backhaul has to assume the home network and paired phone are compromised.

    Multi-tenant cloud at fleet scale

    Adherence and pressure cloud platforms serve millions of devices - tenant separation, BOLA, and fleet-wide command abuse have outsized blast radius and need explicit testing.

    Long capital lifetimes vs. EOL embedded OS

    Embedded OS components inside vents routinely go EOL mid-deployment - the postmarket plan must document compensating controls and a defensible patch cadence under treatment-availability constraints.

    Regulatory pathways and standards

    Regulatory pathways

    FDA pathways we support

    510(k) · De Novo · PMA Supplement

    Standards & guidance

    Applicable standards

    • FDA 2026 Premarket Cyber Guidance
    • AAMI SW96
    • AAMI TIR57
    • IEC 62304
    • ISO 14971
    • IEC 60601-1
    • IEC 60601-2-12 (ICU vents)
    • IEC 60601-2-13 (anesthesia)
    • IEC 60601-2-70 (home CPAP/BiPAP)
    • IEC 81001-5-1

    Standards & deliverables

    What you owe FDA for respiratory / ventilation - at a glance.

    Six deliverables FDA and notified bodies expect across MedTech, with the respiratory / ventilation-specific wrinkle on each row. Use it as a scoping checklist before you brief vendors or your QA team.

    | Deliverable | Status | Cadence | Standard / guidance | Respiratory / Ventilation note |
    |---|---|---|---|---|
    | SBOM + VEX: machine-readable SBOM (CycloneDX/SPDX) plus VEX feed for every CVE that touches a listed component. | Required | Premarket + monthly refresh | FDA Cybersecurity Guidance §V · CISA SBOM minimum elements | SBOM must call out embedded OS versions, RTOS stacks, network components, and any cellular modem firmware - URGENT/11 reach in this segment is reviewer-visible. |
    | Postmarket monitoring: continuous CVE / advisory monitoring against the SBOM, with a documented triage and disclosure path. | Required | Continuous (≤30-day triage) | FD&C Act §524B · FDA Postmarket Cybersecurity Guidance | Postmarket plan must address EOL-OS compensating controls across 10-15 year service lives plus the cloud fleet-management plane behind home devices. |
    | Penetration test scope: black/grey-box testing across device, wireless interfaces, mobile apps, cloud APIs, and service tooling. | Required | Premarket + on material change | AAMI TIR57 · FDA Premarket Cyber Guidance §VI.A.5 | Pen test must include setpoint and alarm-state write paths (touchscreen service mode, clinical-network protocols, USB service port, cloud) plus multi-tenant cloud BOLA. |
    | Threat model: STRIDE-per-interface threat model with documented mitigations and residual-risk acceptance. | Required | Premarket, refreshed each design change | AAMI TIR57 · FDA Premarket Cyber Guidance §V.A | Treat the clinical VLAN, the home Wi-Fi, and the paired phone as hostile; model setpoints and alarm state as safety-critical writable state. |
    | Secure update mechanism: signed firmware/software updates with rollback protection, integrity verification, and staged rollout. | Required | Designed premarket, exercised lifecycle-long | FDA Cyber Guidance §IV · IEC 81001-5-1 | Field updates need authenticated, signed, rollback-safe channels - documented in the SPDF for both clinical and home devices. |
    | Coordinated Vulnerability Disclosure: public CVD policy, intake channel, and SLAs for triage, fix, and customer communication. | Required | Continuous, lifecycle-long | ISO/IEC 29147 + 30111 · Section 524B(b)(2) | CVD policy must accept reports from biomed engineers, respiratory therapists, and home-care providers, not just security researchers. |
    FAQs

    Respiratory / Ventilation cybersecurity FAQs.

    Why is FDA so focused on ventilator cybersecurity now?

    Ventilation is the canonical safety-critical control loop in medicine, and the Philips Respironics recalls plus the COVID-era surge in connected home-vent and CPAP/BiPAP cloud platforms put the segment under sustained postmarket scrutiny. Reviewers expect a threat model that explicitly enumerates every path that can modify tidal volume, PEEP, FiO2, or alarm thresholds, with positive evidence of authentication and integrity on each one, plus a postmarket plan that survives the 10-15 year service life of capital respiratory equipment.

    How do you test the ventilator-to-hospital-network boundary?

    We treat the clinical VLAN as hostile by default. Scope includes the device's exposed services (HL7, web service ports, vendor management protocols), SNMP and remote-service tooling, network-time and DNS dependencies, and any biomed-laptop-attached service paths. Findings are mapped back to the threat model so the SPDF documents which controls hold and which require operational compensating controls in the IFU and MDS2.

    Do you cover the home CPAP/BiPAP cloud platform separately?

    Yes. The cloud platform is scoped as its own system: multi-tenant authorization (BOLA on adherence and pressure data is the recurring finding), patient-portal account takeover, fleet-management abuse, provider/payer tenant separation, and the OTA path back to the home device. Findings on the cloud are tied back to the device threat model so the system view stays coherent and reviewable.

    How do you handle EOL embedded OS components inside ventilators?

    Embedded Windows or Linux versions inside ventilators routinely go EOL mid-deployment. The postmarket plan documents the affected configuration matrix, the compensating controls (network segmentation, service-port lockdown, restricted application allowlisting), and the migration roadmap. The SPDF references the matrix so reviewers and hospital biomed see the same story.

    What about anesthesia workstations - same segment?

    Anesthesia ventilation modules share the ventilator threat model but add the OR-network and gas-delivery interfaces. We scope anesthesia workstations alongside ICU vents when manufacturers ship both - the SBOM and threat model are shared, with anesthesia-specific essential performance (IEC 60601-2-13) and OR-integration paths called out separately.

    How long does a respiratory premarket cyber engagement typically take?

    For a connected ICU or home ventilator with cloud monitoring, end-to-end premarket cyber work runs 10-14 weeks. Threat modeling and SBOM front-load in weeks 1-4, pen testing across device, clinical network, cloud, and patient portal runs in weeks 4-11, and the consolidated submission package and postmarket plan close in the final weeks - all under a written clearance guarantee.

    Respiratory & ventilation cybersecurity

    Secure your ventilator or CPAP platform for FDA - with the postmarket plan reviewers expect.

    Setpoint-integrity threat models, clinical-network pen testing, and cloud-backhaul testing for ICU, anesthesia, and home respiratory platforms.

    Book a respiratory device review
    • 30-min discovery call
    • Fixed-fee proposal in 48 hrs
    • No sales pressure
    In their words

    Backed by MedTech leaders.

    "Blue Goat Cyber's depth of expertise was impressive. We had no in-house cybersecurity experience, and their team guided us through every step of the FDA process. The penetration testing and SBOM testing were thorough and gave us complete confidence."
    Hank Tucker
    CEO · MedTech Manufacturer