Cybersecurity Risk Analysis for Medical Devices in the Era of Evolving Technologies

As Medical Device Manufacturers (MDMs) continue to innovate, the technologies used to provide new capabilities and to protect devices against existing and emerging threats evolve. MDMs may start to adopt relatively established technologies or to incorporate emerging technologies, which present new cybersecurity risks that may impact device functionality and lead to patient harm if not addressed.

This discussion paper addresses some general cybersecurity considerations when designing medical devices to incorporate emerging and evolving technologies. It then considers three specific examples: cloud computing, artificial intelligence and machine learning (AI/ML), and post-quantum cryptography (PQC). Cloud computing and AI/ML are evolving technologies that present new cybersecurity risks, while PQC is an emerging technology to manage the risks posed by quantum cryptography.

Finally, the paper includes a resources appendix of cybersecurity best practices and frameworks, to help implement both general and technology-specific considerations.