Why is cybersecurity labeling more than just a compliance checkbox for medical device companies?
In this episode, Christian and Trevor dive into the nuanced world of cybersecurity labeling for medical devices. They discuss the role of MDS2 and JSP2 documentation, labeling misconceptions, and how manufacturers can best disclose security information without overwhelming or misleading users.
Key points:
(6:30) Misconceptions About Cybersecurity Labeling
-
Many manufacturers worry that disclosing risks will aid hackers, but that's flawed thinking.
-
Distinctions between labeling as documentation and labeling as a control like a tamper-evident seal.
-
Everyday product examples to illustrate why transparency in labeling matters.
(12:45) How Much Detail Is Enough?
-
How deep a manufacturer should go with disclosures about encryption and risk.
-
Why more detail is generally better and how to balance tech jargon with user readability.
-
Different labeling needs based on whether a device is for consumers or hospitals.
(18:20) Context, Risk, and Communication
-
Why not encrypting unnecessary data can backfire if a consumer is misinformed.
-
How labeling must be contextual and tailored to a device’s function and data sensitivity.
Resources mentioned in this episode:
-
The Manufacturer Disclosure Statement for Medical Device Security (generally abbreviated as MDS2).
-
The Medical Device and Health IT Joint Security Plan, version 2 (JSP2).
The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com
If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session
Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.
Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber
Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9
Feedback? Questions? Contact: https://bluegoatcyber.com/contact/
Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/
Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial
The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.
Subscribe via Spotify: https://spoti.fi/3XX95g0
Subscribe via Apple Podcasts: https://apple.co/483OJ9I
Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts