Resources

Practical guidance on medical device security, FDA compliance, and penetration testing methodology.

Hardware Security in Medical Devices: What We Find in the Lab
Testing Methodology

Hardware Security in Medical Devices: What We Find in the Lab

A look at the most common hardware security issues we encounter when testing medical devices — from exposed debug ports to unencrypted flash storage. What manufacturers miss and how to fix it.

2026-04-09 · 5 min read
Testing BLE Security in Medical Devices: A Deep Dive
Testing Methodology

Testing BLE Security in Medical Devices: A Deep Dive

Bluetooth Low Energy is everywhere in connected medical devices — and it's consistently one of the weakest points we find. Here's what we test, what breaks, and what manufacturers get wrong.

2026-04-08 · 7 min read
IEC 62443 for Medical Device Manufacturers: What You Need to Know
FDA Guidance

IEC 62443 for Medical Device Manufacturers: What You Need to Know

IEC 62443 is the cybersecurity standard the FDA increasingly references for connected medical devices. Here's what it covers, how it applies to your device, and what manufacturers need to do.

2026-04-07 · 6 min read
How to Respond to an FDA ANIN Cybersecurity Letter
FDA Guidance

How to Respond to an FDA ANIN Cybersecurity Letter

Received an Additional Information letter from the FDA about your device's cybersecurity? Here's what it means, what they're asking for, and how to get your submission back on track.

2026-04-06 · 5 min read
What Medical Device Manufacturers Need to Know About FDA Cybersecurity Requirements
FDA Guidance

What Medical Device Manufacturers Need to Know About FDA Cybersecurity Requirements

A practical guide to the FDA's premarket cybersecurity requirements under Section 524B, including what manufacturers need to document and how to prepare for submission.

2026-04-05 · 4 min read
510(k) vs. PMA: How Cybersecurity Testing Requirements Differ
FDA Guidance

510(k) vs. PMA: How Cybersecurity Testing Requirements Differ

The FDA's cybersecurity expectations aren't the same for every submission pathway. Here's how 510(k) and PMA differ in what they require for cybersecurity documentation and testing.

2026-04-04 · 5 min read
Firmware Security Testing for Medical Devices: What We Look For
Testing Methodology

Firmware Security Testing for Medical Devices: What We Look For

Firmware is the most sensitive layer of a medical device. Here's how we test it — from extraction and reverse engineering to secure boot validation and update mechanism analysis.

2026-04-03 · 6 min read
Common Vulnerabilities We Find in Connected Medical Devices
Testing Methodology

Common Vulnerabilities We Find in Connected Medical Devices

After testing hundreds of medical devices, these are the vulnerabilities we find most often — and the ones most likely to trigger an FDA ANIN letter if left unaddressed.

2026-04-02 · 7 min read
Building a Post-Market Cybersecurity Plan for Your Medical Device
FDA Guidance

Building a Post-Market Cybersecurity Plan for Your Medical Device

The FDA expects your cybersecurity plan to extend beyond submission. Here's what a post-market cybersecurity plan needs to include and how to build one that satisfies reviewers.

2026-04-01 · 6 min read
What to Expect from a Medical Device Penetration Test
Testing Methodology

What to Expect from a Medical Device Penetration Test

A manufacturer's guide to the medical device pentest process — from scoping to final report. What we test, how long it takes, and what you'll get.

2026-03-20 · 3 min read