Scott Bristol
Information Security Manager


Scott has been a professional in the Information Technology field for over 18 years. He has experience in corporate IT; consulting; data center and hosting; commercial software support; and medic device and IT products. He has worked as a System Engineer as well as management and has led many cross functional interdepartmental teams. He currently works for Draeger Medical as their Product Security Manager, where he is the Subject Matter Expert responsible for defining and realizing the global cybersecurity strategy for all current & future Draeger Medical and Safety products to ensure products will meet customers’ and regularity agencies’ growing cybersecurity requirements.


Scott will be one of the distinguished speakers at the Medical Device Cybersecurity Risk Mitigation Conference.


Why is the Medical Device Cybersecurity Risk Mitigation Conference important to medical device security and manufacturing teams?
Medical device manufactures are familiar with patent safety risk mitigation but Cybersecurity Risk Mitigation requires specific knowledge about cybersecurity and a different rating and documentation system that are not well known yet to the industry.


How has medical device cybersecurity evolved in the last several years?
Awareness of the need for Cybersecurity has grown dramatically from the HDO’s and the public. Manufacturer can no longer claim that their devices don’t have to follow security best practices. We also now have proof the 1. Hospitals are targets for cyber-attacks and 2. Many medical devices lack even the most basic security controls.


What initiatives are on the horizon at your organization in 2016?
We are focusing on increasing the Security skill set of our staff, evaluation legacy systems, and implementing SDL practices in our development lifecycle.


How do you see medical device cybersecurity evolving over the next 5-10 years?
I think it will continue to mature and manufactures will have to find creative ways to meet security controls and still not block access to care. I also think that the caregivers as the “users” of the device will become more tolerant to “interruptions” in their workflow to allow for security measures.


Why is this conference important to you as an industry leader?
Because Security is a continuum, I am always challenged with the question, “How much is secure enough?” This comes down to the security risk tolerance of our buyer, HDO right now the only way to gauge that is by meeting with peers and customers.


If you had to describe medical device cybersecurity in one word, what would it be?


What topics are you most excited about for the conference program this year?
Device hardening and security update methodologies.