An overview of cybersecurity regulation/guidance’s evolution in the medical industry

Introduction The last decades have been surrounded by many cybersecurity attacks around the world, many of them in Hospitals or Medical Devices. For example, on September 12th, 2022, the FBI warned that many medical devices with outdated software could be targeted. For this reason, many Regulatory Organizations, such as the Food and Drug Administration (FDA) […]

81001-5 a simple overview

Introduction The scope of this post is to give an overview about the IEC 81001-5 which is a new compulsory regulation, that the MedTech manufacturer shall take into account for their new health software and for legacy device that should be recertificated under the new MDR.This post is part of a series which will be […]

SECURING API’s: Best Practices and Strategies

Introduction As more and more applications are moving to the cloud, the use of APIs (Application Programming Interfaces) is getting more and more popular. APIs is a great way to provide access to our resources, information and services to other applications making it easier to build complex applications with many features, but they also present […]

How to Implement a Secure Bootloader in an Embedded Device (Case Study)

Example in RT1050 EVK This is the continuation of the previous post. To test all this theory into a practical case, we are going to use and RT1050 evaluation board. As application we will use the hello_world example, as bootloader we will use the SBL (Secure Bootloader) project and to generate a signed firmware we […]

How to Implement a Secure Bootloader in an Embedded Device

IOT (Internet of Things) is quite a thing nowadays, from small home devices such as lamps or coffee machines to bigger home appliances like washing machines or refrigerators. All devices tend to be connected to internet, you can now control them when you are outside your home or get different notifications on your phone. In […]

Cyber Security Standards: IEC 81001-5-1 and IEC 60601-4-5


The aim of this article is to give an overview about the main standards which regulate the cyber security of a Medical Device, they are: IEC 80001-1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software – Part 1: Application of risk management. IEC 81001-5-1 (not published): […]

Threat Modeling: A General Introduction

Cyber threat modeling

In this article, we will provide a general overview of Threat Modelling (why medical device manufacturers should use it, how it works and what the regulatory requirements are). Nowadays, Threat Modeling is a topic for all medical devices with embedded software or standalone software. This is because threat modeling is a structured process to analyse […] Software Participates in The 10th Annual Software Design for Medical Devices Conference

Alessandro Vitiello and Alejandro Torres Molina at the SDMD conference, Frankfurt 2022

The 10th Annual Software Design for Medical Devices held in Frankfurt, Germany was a success as software and cybersecurity experts from all across Europe were in attendance. The event which spanned from the 13th-15th of September 2022, addressed the potential to increase development efficiency, how to accelerate software design for medical devices, how to prioritize […]

Key Concepts in Cybersecurity Within The Healthcare Industry


In the field of cybersecurity, the CIA triad has been accepted as a model for information security. It refers to three key concepts to be addressed when laying the foundations for the development of secure systems: Confidentiality, Integrity, and Availability. The aim of this article is to analyse these three key principles in the field […]