Skip to Main Content
White Paper

Medical devices security to achieve regulatory approval


Common Vulnerabilities and Exposures (CVEs) are documented in a database to inform companies about known security issues.

Today, more and more medical devices are being developed and launched on the market. With this acceleration of innovation, medical devices are becoming more connected to the outside world using the same internet that you use every day. This means accessible data from implantable devices, the ability to collect and analyze data from multiple devices and even adjusting devices remotely.

However, with more connectivity comes greater concerns about medical device security and patients’ privacy and data. Learn how to meet regulatory requirements from the FDA while maintaining medical device security.

Protect your devices from known and unknown threats

Security vulnerabilities are in every product, including medical devices. Medical device manufacturers need to recognize this and prepare for any errors to limit potential damage and exposure. Knowing any issues, potential fixes and the severity of risk can give companies the opportunity to act fast and secure their devices.

Every significant Common Vulnerability and Exposure (CVE) is documented the US National Vulnerability Database. This database can inform other companies of known information about a security issue, as well as any existing solutions for it. While many exploits used by hackers are known and fixable, there is always the possibility of an unknown security threat. Regulatory agencies now require manufacturers to manage product defects as part of the post-market plans. There are many considerations to make during product development to future-proof your device.

Download the whitepaper to learn how to eliminate vulnerabilities and secure your medical device.

Benefits of using an operating system provider in product development

Using an operating system (OS) provider, such as Siemens Embedded, can provide benefits to your product development. These benefits include:

  • The OS provider focuses on the OS as a product itself and develops, tests, and releases the product.
  • The OS provider can provide services and support to the team that will accelerate product development.
  • The OS provider will maintain their products, providing regular updates to customers.
  • The OS provider is strongly focused on security vulnerabilities, including CVEs.
  • The OS provider likely has experience working with other medical device manufacturers.

Download the whitepaper to learn more about what you should be asking your operating system providers to leverage their expertise for your medical device development.

Background about the author

Robert Bates is responsible for safety, quality and security aspects of the Siemens Digital Industries Software embedded product portfolio targeting the Medical, Industrial, Automotive and Aerospace markets. In this role, Robert works closely with customers and certification agencies to facilitate the safety certification of devices to IEC 61508, ISO 26262 and other safety certifications. Before moving to this position in 2014, Robert was a Software Development Director at Wind River, where he was responsible for commercial hypervisors. Robert has 25 years of experience in the embedded software field, most of which has been spent developing operating system and middleware components to device makers across all markets and regions.