Many healthcare delivery organizations (HDOs) only begin thinking about medical device cybersecurity after the device is deployed, or when a vulnerability is discovered. This reactive approach leads to:

Procurement lacks security screening – devices are acquired without an adequate vendor risk assessment, security specification documentation (MDS2, SBOMs, etc), or contraction protections.
Onboarding processes are inconsistent – outside of traditional initial acceptance, HTM/CE should register all attributes, have coordinated practices and SOPs with IT, and harden devices at time of deployment.
Operational Security is minimal – most security activities are reactive, not embedding security practices within daily operations to ensure continuity and standardization.
Decommissioning is insecure – sensitive data is often left on devices, and network access is may not be revoked upon retirement.

What You’ll Learn

This course teaches how to embed cybersecurity into every phase of the device lifecycle, resulting in a defensible, proactive, security posture that doesn’t impede clinical workflows. During the duration of the course you will:

Understand how to operationalize cybersecurity across all device lifecycle stages.
Reduce risk exposure while meeting compliance and framework standards.
Support proactive security practices.
Operationalizing security practices within day-to-day activities.

Key Topics Include:

Development of an onboarding checklist (e.g., MDS2, SBOM, SOPs, Policies)
Evaluation of vendor contract language and cybersecurity provisions
How to conduct tailored vendor cybersecurity assessments
How to create an initial acceptance process, registering devices within the CMMS and IoMT visibility tools with detailed security data
Assigning a cyber risk classification during commissioning
Monitoring vendor patch availability and applying compensating controls
Securely wiping or destroying PII/PHI information and configuration data
Validating asset attributes and cyber information during preventative maintenance and corrective maintenance cycles
Documenting a chain-of-custody process

Participants will be able to:

Understand how to operationalize cybersecurity across all device lifecycle stages.
Reduce risk exposure while meeting compliance and framework standards.
Support proactive security practices.
Operationalizing security practices within day-to-day activities.

Medical Device Cybersecurity Module 2: Lifecycle in Focus

Duration

Format

Certificate + CEUs

Instructors

Register Today

Register Today

Questions?

Start the Conversation