MedTech Cyber Tips Editorial Team
Medical Device Cybersecurity Editors
Editorial standards, technical review, and regulatory alignment.
Editorial background
The MedTech Cyber Tips editorial team is a group of practitioners with hands-on experience across FDA premarket cybersecurity submissions, Secure Product Development Framework (SPDF) implementation, medical device threat modeling, and postmarket vulnerability management. Every article, checklist, and update on this site is reviewed for accuracy against the FDA's February 3, 2026 final premarket cybersecurity guidance, Section 524B of the FD&C Act, MDCG 2019-16 Rev.2, IEC 81001-5-1, ISO 14971, and the EU Cyber Resilience Act. The team also tracks 510(k) deficiency patterns and CVE trends affecting connected medical devices so guidance on the site stays current.
Areas of expertise
- Medical device cybersecurity
- FDA Section 524B
- FDA premarket cybersecurity guidance (Feb 3, 2026)
- Secure Product Development Framework
- SBOM and VEX
- Medical device threat modeling
- Postmarket vulnerability management
- EU MDR cybersecurity (MDCG 2019-16 Rev.2)
- EU Cyber Resilience Act
- IEC 81001-5-1
- ISO 14971 risk management
Recent reviewed articles
-
MDCG 2019-16 Rev.2 at six months: Notified Body audit patterns· EU MDR
-
Three years of Section 524B: the deficiencies that never went away· FDA
-
IEC 81001-5-1 Amendment 1 reaches FDIS - what MedTech teams should track· Standards
-
EU CRA delegated acts under Article 27 - the technical baseline is taking shape· Standards
-
CISA + FDA joint advisories in 2026: infusion pumps, imaging, and what to do next· Vulnerability
Topics reviewed
-
OverviewStart here. The big picture for MedTech security.
-
Why It MattersThe case for taking cybersecurity seriously: patients, brand, and revenue.
-
SPDFBake security into every stage of the device lifecycle.
-
Threat ModelingIdentify and reason about threats before they ship.
-
PentestingWhat's in scope (hardware, firmware, wireless, cloud, mobile), the methods reviewers expect, and how to read a pentest report against FDA cybersecurity guidance.
-
PremarketSubmit a cybersecurity package the FDA will accept.