Cybersecurity complexities in the medical device industry

Paul Lockley – VP Sales, EMEA:

Recently, I had the pleasure of speaking at the 6th Annual European Medical Device and Diagnostic Cybersecurity Conference. The event covered a wide range of cyber-related issues, including SBOM complexities, the NIS2 directive, hospital cybersecurity challenges, threat modelling, vulnerabilities, and weak links in IoMT security. Amid these discussions, the complexity of getting things done in a large organisation stood out the most.

During a roundtable workshop I chaired on the complexities of creating and managing SBOMs, I expected the primary challenge to be the creation process itself or aligning the SBOM to devices. However, what emerged was a picture of organisational complexity, where different departments or divisions had conflicting demands. Instead of centralised services and shared best practices, there was divisional infighting—not in all cases, but enough to raise concerns. For senior executives, this presents a tough challenge. In matters of cybersecurity and compliance, a unified direction is essential for achieving true operational resilience. Harmony within the organisation must come from the CISO downwards, driving direction and control from the enterprise level to the very edge.

Another major topic of discussion was the depth and breadth of legislation, and the clear direction companies should take to address the evolving landscape of risk. With most existing requirements being enterprise-based, the question arises: how does changing regulation impact tomorrow’s connected landscapes? New entrants like NIS2, CRA, and MDR/IVDR are among the factors changing the landscape. While designing future changes is one thing, managing the current fleet of systems, services, and devices—likely to remain in place for some time—is another. Zero Trust offers a great approach to simplifying the way cyber risk is addressed across platforms and legislation. However, Zero Trust is not a product to be bought; it is a methodology and mindset encapsulated by the phrase, “Trust nothing, verify always.”

The encouraging news is that most modern cybersecurity companies, which address the identity of the “thing” rather than the “who”, have the ability to collaborate. This is crucial because tomorrow’s attacks will come from multiple fronts and with various intents. Building a formidable defence will rely on technologies that serve as parts of a broader solution rather than complete solutions themselves. A rich ecosystem of technology partners and the capacity to easily integrate with wider services will determine whether an organisation becomes a “brick in the wall” or a “hole in the fence.”

Navigating the complexities of cybersecurity in the medical device industry requires a unified approach and a collaborative mindset. Organisations must strive for harmony from the top down and embrace methodologies like Zero Trust to effectively manage risks. By fostering a rich ecosystem of technology partners, companies can build a robust defence against the multifaceted threats of the future.

Tern plc (LON:TERN) backs exciting, high growth IoT innovators in Europe. They provide support and create a genuinely collaborative environment for talented, well-motivated teams. Device Authority is focused on securing connected device ecosystems and is recognized as the global leader in Device Identity Lifecycle Management and Identity and Access Management (IAM) for the Internet of Things (IoT).
