Medical Device Security: Evolving Risk Management, Transparency, and Federal Guidance

Session Organizer: Keith Vargo, University of Minnesota
Moderator: Allison Hubel, University of Minnesota

In an era marked by technological advancements, the integration of new technologies and improved connectivity into medical devices has revolutionized patient care outcomes. However, this rapid evolution has also come with significant cybersecurity challenges that threaten patient safety and privacy. This panel session delves into three critical aspects of medical device security:

  • Incorporating an Attacker Mindset in Device Security Risk Management
  • FDA Cybersecurity Requirements for Submissions
  • Building Trust in Medical Device Cybersecurity Through Transparency

The session will also include a 30-minute panel discussion about the nuances and recommended approaches for securing medical devices throughout the device lifecycle.

Incorporating an Attacker Mindset in Device Security Risk Management

Cyberattacks against the healthcare technology sector are rapidly increasing with no signs of slowing down. As healthcare environments become more connected, makers of connected medical devices need to think like an attacker when designing product security controls in their devices, specifically when assessing risk. This presentation discusses practical steps for using an attacker’s mindset as an element in overall product security risk management and threat modelling.

Emily Holmquist
Medical Device Security Technical Lead, Sternum

Emily is a Technical Lead at Sternum, a leading provider of autonomous security and observability solutions for medical devices. She has over 10 years of experience in research and development engineering, specializing in product security for the healthcare industry. Emily provides technical guidance and support to medical device manufacturers who use Sternum's innovative platform for threat detection and prevention. She is an active participant in a variety of relevant industry and government initiatives to support security within the healthcare industry and she is passionate about advancing the security and safety of medical devices.

Building Trust in Medical Device Cybersecurity Through Transparency

This talk covers the evolution of transparency in medical device cybersecurity, which was historically opaque but is now embracing openness. It explores the catalysts behind this shift, as well as the profound benefits for patients, customers, and manufacturers alike.

Matthew Vorhees
Engineering Program Manager of Medical Device Cybersecurity, Product Security Office, Medtronic

With 10+ years in cybersecurity, compliance, risk management, and IT audit, I lead Medical Device Cybersecurity as an Engineering Program Manager at Medtronic. Collaborating internally and externally, I ensure our products prioritize safety and security. My goal is to advance Medtronic's cybersecurity maturity and shape future product offerings. I am passionate about healthcare security and through this work I support Medtronic's mission of improving lives.

FDA Cybersecurity Requirements for Submissions

This presentation will cover new cybersecurity requirements in Section 524B of the Federal Food, Drug, and Cosmetic Act (FD&C Act).

Scott Singer

Scott brings 30 years of military experience in both active duty and reserve roles along with 31 years of industry experience. Scott co-founded CyberNINES and serves as the Chief Executive Officer. Scott was the former director of the University of MN, Center for Medical Device Cybersecurity. Before that Scott was at PaR Systems, where he was Chief Information Officer since 2010. Previously, Scott spent 16 years with Medtronic in various leadership positions including the European Infrastructure Manager, the Vascular division CIO, and the head of global security. Scott has extensive experience with regulatory frameworks and government contracting including Federal Acquisition Regulations (FAR/DFARS), HIPAA, medical device (ISO 13485), cybersecurity (ISO 27001, NIST), aerospace (AS9100), and nuclear (NQA-1).

Scott is the past board chair for the Minnesota Technology Association (MnTech) and is currently a board member of InfraGard. In June 2021, he testified before Congress on the costs to small business to comply with the DoD's Cybersecurity Maturity Model Certification (CMMC).


Allison Hubel
University of Minnesota

Dr. Hubel is a Professor in Mechanical Engineering at the University of Minnesota and Director of the Technology Leadership Institute. She is the current President of the Society for Cryobiology. Dr. Hubel has studied both basic science and translational issues behind preservation. Her work spans from the study of molecular mechanisms of damage during preservation to the development of technology to improve preservation outcomes. She pioneered novel experimental techniques such as low temperature Raman Spectroscopy to understand freezing damage and the use of machine learning to optimize cryopreservation protocol development. She is founder and Chief Science Officer of Evia Bio, a startup company based on the preservation technology developed in her lab. Dr. Hubel has published numerous scientific articles in the field of preservation, and she is the author of “Preservation of Cells: A Practical Manual”. She is a former deputy editor of Biopreservation and Biobanking, a fellow of ASME, and received the Outstanding Achievement in Biobanking Award from ISBER.