In a Q&A with MedTech Intelligence, Vidya Murthy of MedCrypt and Baksheesh Singh Ghuman of Finite State share their thoughts on the cybersecurity challenges facing medical device manufacturers and healthcare organizations, and why it’s important that companies prioritize designing security into devices.

In an attempt to identify what is the most significant vulnerability, we reviewed every MDM vulnerability disclosure by ICS-CERT since 2013. As noted in the whitepaper, user authentication is a recurring theme in vulnerabilities. It doesn’t feel like we’re facing customized, highly sophisticated attacks, but instead are struggling with foundational security best practices.

The greatest risk to a sufficient security posture is waiting for perfection in light of making continuous progress. I applaud those MDMs that have been vocal about developing security programs, committed budget and resources to standing up product security teams, and engaging with experts to find tools that meet their needs. The industry’s biggest challenge is to make security de facto in product development lifecycles, and not a reactionary Band-Aid after an incident or customer mandate.

Vidya Murthy, vice president of operations at MedCrypt

Read more in MedTech Intelligence