Medical Device Cybersecurity Module 8: Navigating the Rules
Regulations, Resources, and the Future of Medical Device Security
Duration: 3 Hours
Format: Blended Learning (Virtual + Self-paced)
Certificate + CEUs: Certificate of completion + 0.3 CEUs
Instructors: Matt Dimino and Toby Gouker
Experts, Practitioners, and Executive Leaders in Medical Device Security
This course provides a structured, practical approach to navigating medical device security regulations by translating rules and standards into actionable practices that HTM (healthcare technology management) teams can apply.
Participants will learn how to leverage authoritative resources to improve device visibility, strengthen documentation, and apply risk-based decision-making aligned with regulatory intent rather than checkbox compliance. The course emphasizes cross-functional collaboration, sustainable governance, and future-ready strategies that account for emerging threats, evolving regulations, and the realities of medical device lifecycles. By focusing on clarity, prioritization, and practical execution, learners will be equipped to build resilient medical device security programs that protect patients, support clinical operations, and withstand regulatory and audit scrutiny.
In 2024, 67% of healthcare organizations were hit by ransomware, and 77% were targeted by such attacks in the prior year, with 53% paying a ransom when hit.
As of August 2025, there are 1.2 million internet-connected healthcare devices and systems publicly accessible online, including MRI scanners, X-ray systems, CT devices, DICOM viewers, and hospital management platforms.
Health-ISAC and other industry reports documented a significant year-over-year increase in vulnerabilities in medical products and devices, a trend that compounds risk if those vulnerabilities are not managed.
When cybersecurity leadership owns medical device security, coverage of best practices increases ~18 percentage points.
Key topics include:
- Identifying the roles and applicability of CMS and the FDA, including its Center for Devices and Radiological Health (CDRH)
- Cross-referencing guidelines and standards to support your program (HITRUST, HHS 405(d), NIST CSF, MITRE, ISO/ANSI, etc.)
- Mapping and using the standards and guidelines against your maturity model and desired program outcomes
- Training and retaining talent
- Identifying security tool needs and justifying the business case
- Best practices for tools and supporting
Participants will come away with:
- Improved alignment between HTM, IT, cybersecurity, compliance, and clinical stakeholders
- Greater clarity in interpreting and operationalizing FDA, NIST CSF, and HHS 405(d) HICP guidance
- Increased confidence during audits, assessments, and regulatory reviews
- Stronger incident preparedness and more coordinated response when medical devices are involved
- Reduced operational risk while maintaining clinical availability and patient safety
- A future-ready foundation for adapting to emerging threats and regulatory changes
Questions?
Interested in learning more about this module or how it fits into your organization’s needs?