2nd Annual Medical Device Cybersecurity Risk Mitigation Conference: Speaker Interview


Mike Kijewski


Mike will be one of the distinguished speakers at the 2nd Annual Medical Device Cybersecurity Risk Mitigation Conference.

Why is the 2nd Annual Medical Device Cybersecurity Risk Mitigation Conference important to medical device security and manufacturing teams?
The concern around medical device security has hit the mainstream. When family members start asking me if their pacemaker can be hacked, I know that this has become a big issue. If they want to be market leaders, medical device companies will need to convince their customers and patients that they’re providing the safest products possible. In the past, government regulators were not very vocal about their concerns around data security in devices. That has changed significantly over the last 18 months. Device vendors need to have a well-articulated and executed security strategy to ensure that products in their development pipelines will make it to market without regulatory problems. This conference is an excellent opportunity to learn what other medical device companies are doing to satisfy new regulatory requirements.


How has medical device cybersecurity evolved in the last several years?
Aside from changes in regulatory requirements, the biggest change in medical device cybersecurity in the past 18 months has been the focus that healthcare providers are giving it. Several prominent provider networks have started to include security requirements in their product procurement language. To me, this signals a future where device security is on par with safety and efficacy in the eyes of healthcare providers.


What initiatives are on the horizon at your organization in 2017?
MedCrypt offers a cybersecurity software framework designed specifically for medical devices. In 2017, we’re helping several device vendors integrate our software into a variety of devices, from small embedded systems to large capital equipment devices.


How do you see medical device cybersecurity evolving over the next 5-10 years?
Security will become a product differentiator for device manufacturers that do it well. Companies with leading security features will sell more devices. These market forces will drive vendors to make product security a high priority. Regulatory requirements will force medical device vendors to make security a part of product design; not simply post-market surveillance. Previously, device companies treated product security issues after they made themselves evident in the market. In the future, device companies will need to proactively work to secure devices before they are released.


Why is this conference important to you as an industry leader?
Having spoken with many device vendors, I have seen that most vendors are unaware that the security problems they are facing are common at other companies. The first step in moving our industry’s security forward is discussing issues that are common to many vendors.


If you had to describe medical device cybersecurity in one word, what would it be?


What topics are you most excited about for the conference program this year?
Device vendors partnering with security researchers. Tech companies like Google have avoided the ire of white-hat hackers by paying them through “bug bounty” programs. Until medical device vendors establish working relationships with the security community, vulnerability disclosures will continue to cause financial losses.


What are the “key takeaways” for your presentation/panel discussion?
Security needs to be thought of as a feature requirement. Not because companies are regulated to do so; because data security will be a key part of a medical device vendor’s market success in the future.