Skip to main content

MDIC Publishes First MedTech Cybersecurity Maturity Benchmarking Report

The benchmarking effort from MDIC will serve as a tool and a resource towards identifying best practices in cybersecurity that can be replicated by medical device manufacturers to ensure patient safety and security

The Medical Device Innovation Consortium (MDIC) today released the first benchmark report of the medical device industry’s cybersecurity maturity in partnership with Booz Allen Hamilton. The online tool MDIC developed for surveying the medical device industry on cybersecurity practices as well as the baseline findings in this report aim to enable medical device manufacturers (MDMs), Health Delivery Organizations (HDOs), and other stakeholders to more effectively establish long-term strategic plans to increase their cybersecurity maturity and efficiently track their progress.

“The goal of the MDIC Medical Device Cybersecurity Benchmarking Initiative is to measure cybersecurity maturity and benchmark across the industry to drive common improvements that reduce overall cybersecurity risk,” said Andrew Fish, MDIC President and CEO. MDIC collaborated with Healthcare Sector Coordinating Council (HSCC) and leveraged their 2019 Medical Device and Health Information Technology Joint Security Plan (JSP) framework to create the benchmarking survey for MDMs. MDIC and Booz Allen engaged MDMs of all sizes to gather insights into the current posture of their cybersecurity maturity, then aggregated and analyzed the data that is ultimately shared in this benchmark report.

“It is exciting that the release of the MDIC benchmarking report coincides with Cybersecurity Awareness Month,” said Suzanne Schwartz, Director of the Office of Strategic Partnerships & Technology Innovation at the FDA’s Center for Devices and Radiological Health (CDRH). “CDRH is committed to strengthening medical device cybersecurity, and data like those found in the benchmarking report support the overall medical device ecosystem in achieving this goal. We hope that the learnings from the MDIC benchmarking report can further inform future iterations of the JSP framework.”

The benchmark report revealed that there was not a correlation between the amount of a medical device manufacturer’s annual revenue and its cybersecurity maturity score. Overall, for the participating cohort, the industry’s highest level of maturity was related to organizational structure, while the lowest scores were around cybersecurity design control.

“It is well understood that you can’t improve what you can’t measure. Increasingly, cyber safety must be measured against patient safety. Thanks to MDIC, we have a means to begin measuring how medical device companies using the JSP and other frameworks are improving cybersecurity design and development in medical devices that patient safety requires. For HDOs, this is an important resource for their cyber risk management programs,” said Greg Garcia, the Cybersecurity Executive Director at the HSCC.

“We appreciate the strong collaboration among the MDIC, the FDA, HSCC, and MDMs, and hope the rich insights provided in this first-ever cybersecurity benchmarking report will help inform the maturation of medical device cybersecurity both within enterprises and across the industry,” said Andy Speirs, Principal, Secure Connected Health, Booz Allen Hamilton.

In addition to the ongoing benchmarking efforts, MDIC’s Medical Device Cybersecurity Initiative Steering Committee, chaired by Rob Suarez, Chief Information Security Officer for BD (Becton Dickinson), currently focuses on areas such as - threat modeling, penetration testing, and coordinated vulnerability disclosure.

“As an industry, we must keep improving,” said Rob Suarez. “The MDIC benchmarking report provides a baseline for understanding the industry’s current cybersecurity maturity. For medical technology companies, benchmark data provides a useful tool in our collective journey toward advancing cybersecurity in healthcare. Knowing where we stand today can help all of us identify opportunities to boost cybersecurity and resilience, which are essential to protecting patient safety and privacy.”

MDIC’s benchmarking tool will be available as a resource to manufacturers to measure maturity over time. Further, MDIC intends to publish the Medical Device Cybersecurity: Industry Benchmark Report annually that will serve as a critical source of information and further enable the industry to continue to improve product security. Future benchmarking will ideally include an expanded cohort with broader representation across smaller and larger MDMs as well as markets outside the US.

About the Medical Device Innovation Consortium

Founded in 2012, the Medical Device Innovation Consortium (MDIC) is the first public-private partnership created with the sole objective of advancing medical device regulatory science throughout the total product life cycle. MDIC’s mission is to promote public health through science and technology and to enhance trust and confidence among stakeholders. MDIC works in the pre-competitive space to facilitate the development of methods, tools, and approaches that enhance understanding and improve evaluation of product safety, quality, and effectiveness. Its initiative aims to improve product safety and patient access to cutting-edge medical technology while reducing cost and time to market. For more information, visit

About Booz Allen

For more than 100 years, business, government, and military leaders have turned to Booz Allen Hamilton to solve their most complex problems. As a consulting firm with experts in analytics, digital, engineering, and cyber, we help organizations transform. We are a key partner on some of the most innovative programs for governments worldwide and trusted by the most sensitive agencies. We work shoulder to shoulder with clients, using a mission-first approach to choose the right strategy and technology to help them realize their vision. With global headquarters in McLean, Virginia, our firm employs about 27,200 people globally, and had revenue of $7.5 billion for the 12 months ended March 31, 2020. To learn more, visit (NYSE: BAH)

@mdiconline Publishes First Industry Benchmarking Report on MedTech Cybersecurity Maturity. #cybersecurity #medtech #innovation #beCyberSmart #cybersecurityawarenessmonth #benchmark


Data & News supplied by
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.