Key Takeaways AI-assisted development is accelerating the creation of medical device software while introducing new code security risks. Open source and third-party components increase software supply chain complexity and vulnerability exposure. Medical device teams...
“Hope is not a strategy.” That warning captures the reality healthcare leaders now face. Hospitals, medical device makers, pharmacies, insurers, software vendors, and service providers operate as one connected digital ecosystem. When one part falls to a cyberattack,...
Key Takeaways Malware infections remain the leading attack type from 2025 to 2026, affecting 48% of organizations that experienced an incident. Remote access exploitation increased to 38% in 2026, up from 28% in 2025, making it one of the fastest-growing threat...
Key Takeaways An SBOM is required, but not enough. FDA 524B requires proof of active software risk control, including vulnerability analysis, remediation decisions, and postmarket monitoring. Exploitability analysis is the differentiator. The FDA doesn’t expect...
Key Takeaways Cyberattacks on medical devices are rising despite stronger procurement requirements. 80% of affected organizations reported moderate or significant impact on patient care. Legacy devices are the gap that procurement cannot close. More than a quarter of...
Key Takeaways: The FDA is asking medical device manufacturers to submit VEX (Vulnerability Exploitability eXchange) files alongside SBOMs in some premarket cybersecurity submissions. VEX artifacts document whether known vulnerabilities in SBOM-listed components are...
