Medical Device Cybersecurity Risk Management, Regulations and Standards Training

Medical device cybersecurity is called out specifically in ISO 14971:2019 and ISO/TR 24971:2020. This training will introduce you to the process of ensuring that cybersecurity risks in connected devices are identified and managed throughout the software life cycle. You will cover regulations, standards, and guidance documents related to medical device cybersecurity, including IMDRF cybersecurity guidance, MDCG cybersecurity guidance, FDA premarket and postmarket guidance for cybersecurity, ISO 80001-2, and ISO 14971. Interactive class activities include building a sample threat model during the course workshops by incorporating the principles of cybersafety by design, information sharing, evidence capture, and incident response.

Compare Classes

Brief Overview of This Cybersecurity Risk Class for Connected Medical Devices

SkillsLab Class

Class Content


Class Duration

4 Half-Day Sessions*

Teaching Format

Live, Instructor-Led

Delivery Options

Virtual or In Person

Certification of Completion


Continuing Education Units (CEUs)


* SkillsLab classes delivered in-person (private or public) are full-day sessions delivered over 2 consecutive days. 

** Interested in private training for your team, virtually or in-person at your facility? See more details or ask us about it!

Upcoming Classes

Upcoming Medical Device Cybersecurity Risk Management Training Classes

SkillsLab $2495

Course Code: CRS
Location: VIRTUAL DELIVERY (Eastern time - PM)
Class Begins: 15 Oct 2024
Class Ends: 18 Oct 2024
Daily Schedule: 1:00PM - 5:00PM Eastern US Time
Course Delivery: Virtual



Register 3 people, 4th attends free!


*This offer cannot be combined with any other promotional offer(s).

Course Overview

Here's What We Cover in This Intensive Cybersecurity Regulatory Compliance Class

If your company makes connected medical devices, you know cybersecurity is paramount. This class digs deep into standards, regulations, and guidance for device cybersecurity, including threats, vulnerability, incident response, and more. This course provides the knowledge and skills you'll need to manage cybersecurity risks for connected medical devices. It goes beyond traditional risk management to provide a framework for a risk-based approach to identifying and managing threats and vulnerabilities on an ongoing basis. 

Course Overview
SkillsLab Class

Introduction to Cybersecurity and Risk Management

  • Cybersecurity key terms
  • ISO 14971:2019 applied to connected medical devices
Workshop! Device Introduction and Definition Application

Cybersafety by Design

  • Introduction to applicable standards
  • Review of regulatory requirements and guidance
  • Software supply chain
Exercise! Comparison of Standards

Collaboration and Information Sharing

  • Responsible disclosure
  • Working with researchers
  • Information-sharing organizations (ISAOs) and postmarket surveillance
Workshop! Common Vulnerability Scoring System (CVSS) Practice

Evidence Capture, Resilience, and Containment

  • Shared responsibility
  • Forensics and evidence capture from devices
  • Device safety and resilience
  • Trusted inputs
  • Patient record integrity and privacy
Workshop! Create a Network Map with Responsibilities and Dataflow

Access Management and Threat Modeling

  • Remote access issues
  • Introduction to adversarial threat modeling methods
Workshop! Create a Threat Model for Sample Medical Device

Software Life Cycle and Medical Device Postmarket Safety Updates

  • Documentation and governance in development process
  • Technical security in update process
  • Stakeholder communication in the update process
  • Security updates in off-the-shelf software
What You Will Learn

At the conclusion of this training class, you will be able to:

Describe the terminology and definitions related to medical device cybersecurity.

Identify the requirements for cybersecurity by design, including relevant standards, adversarial resilience analysis, remote access control, supply chain rigor, and requirements for premarket submissions in the US and EU.

Describe a proactive, risk-based approach in third-party collaboration, integrating cybersecurity-specific postmarket requirements, and working with researchers and organizations to identify emerging vulnerabilities and threats.

Describe best practices for evidence capture during safety investigations that are independently reviewable, preserve information about the event (including chain of custody and tamper resistance) while avoiding privacy and surveillance concerns, and provide a mechanism for reapplication of knowledge.

Identify mechanisms for resilience and containment, including minimizing exposures, creating secure environments for isolation and segmentation, and creating visible and safe modes of failure, while preserving data integrity.

Describe strategies for rapid, efficient cybersafety updates, such as automation and process documentation, secure update processes, stakeholder communication (including FDA), and OTS update verifications.

Who Should Attend

Recommended for risk managers, quality assurance professionals, auditors, engineers / testers, product managers, and regulatory professionals working in medical device and in vitro diagnostic organizations. 

  • Risk Managers
  • QA Professionals
  • Auditors
  • Engineers / Testers
  • Product Managers

© Oriel STAT A MATRIX. All Rights Reserved.