Medical Design and Outsourcing

  • Home
  • Medical Device Business
    • Mergers & Acquisitions
    • Financial
    • Regulatory
  • Applications
    • Cardiovascular
    • Devices
    • Imaging
    • Implantables
    • Medical Equipment
    • Orthopedic
    • Surgical
  • Technologies
    • Supplies and Components Index
    • Contract Manufacturing
    • Components
    • Electronics
    • Extrusions
    • Materials
    • Motion Control
    • Prototyping
    • Pumps
    • Tubing
  • MedTech Resources
    • Medtech Events in 2025
    • The 2024 Medtech Big 100
    • Medical Device Handbook
    • MedTech 100 Index
    • Subscribe to Print Magazine
    • DeviceTalks
    • Digital Editions
    • eBooks
    • Manufacturer Search
    • Podcasts
    • Print Subscription
    • Webinars / Digital Events
    • Whitepapers
    • Voices
    • Video
  • 2025 Leadership
    • 2024 Winners
    • 2023 Winners
    • 2022 Winners
    • 2021 Winners
  • Women in Medtech
  • Advertise
  • Subscribe

UL experts aim to “raise the baseline” in cybersecurity

April 20, 2016 By Heather Thompson

Electrocardiogram and stethoscope

Industry is facing increasing risk of both unintentional and malignant cyber threats, and an increasing sense of responsibility to protect against those factors. Cyber threats continue to be a high priority for medical technology companies, but there are continued questions on how and where to introduce security measures.

Now, UL says the process should be fairly painless and can be integrated into procedures that medtech companies are already following. UL has launched the Cybersecurity Assurance Program (CAP) to help companies prepare as cyber attacks become more sophisticated, harder to protect against, and more costly.

“Security has been part of UL’s focus as a key component of safety for decades,” says Anura Fernando, principal engineer for UL. The development of CAP was a response to government identifying a need to a critical focus on the infrastructure for healthcare and industrial controls.

“We designed the program to address fundamental problems associated with cyber threats and provide an easy solution of procedures and tests to help increase risk controls.”

Designed in collaboration with The White House, the U.S. Dept. of Homeland Security (DHS) and other industry partners, UL CAP helps assure all devices are secure and meet the latest security standards.

UL cyber experts will help manufacturers, purchasers, and end users identify security risks in their products and systems through the use of UL’s new 2900 series of standards. The program provides methods for mitigating cyber attack risks through the development and maintenance of products with a security focus.

“Our main goal was to make the system seamless for manufacturers. We’ve intentionally gathered input to ensure the process is less burdensome than for some defense systems,” says Fernando. He says the program is designed to work along with risk management practices that manufacturers have to complete to satisfy regulatory requirements. “Cybersecurity should be thought of as part of the normal risk management process,” he says.

Manufacturers do have to consider that there will be changes. For example, many risks are introduced in the post-market environment; therefore companies have to consider patch management as part of the process. “The products on the market today are integrated with other devices, which adds complexity to risk management” Fernando says. However, he also notes that this risk is not solely the burden of the manufacturer: “The whole supply chain has responsibility.”

The UL system “spans the process from initial design to integration into a healthcare system,” including how to handle identification data for patient protection, says Fernando. Some of the ideas UL addresses in its protocols include:

  • Ensuring passwords aren’t hard-coded into the device.
  • Introducing encryption where necessary and possible.
  • Authentication.
  • Language subsetting and programming constructs to avoid.

Essentially, UL’s CAP “is intended to raise the baseline of security.” The key idea, says Fernando, is that medical device manufacturers should introduce cyber security by design.

Related Articles Read More >

Cybellum releases Product Security Platform 3.0: Risk Edition
A photo of a medical device cleanroom employee inspecting electronics.
Tackling the hidden cleanroom threat of electrostatic discharge (ESD)
A child using a medical device at home.
Device design takes the spotlight among 2024’s top health tech hazards
The logo for ANVISA, Brazil’s medical device market regulato
Brazil’s ANVISA plans major medical device registration updates
“mdo
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest medical device business news, application and technology trends.

DeviceTalks Weekly

See More >

MDO Digital Edition

Digital Edition

Subscribe to Medical Design & Outsourcing. Bookmark, share and interact with the leading medical design engineering magazine today.

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
DeviceTalks

DeviceTalks is a conversation among medical technology leaders. It's events, podcasts, webinars and one-on-one exchanges of ideas & insights.

DeviceTalks

New MedTech Resource

Medical Tubing

MassDevice

Mass Device

The Medical Device Business Journal. MassDevice is the leading medical device news business journal telling the stories of the devices that save lives.

Visit Website
MDO ad
Medical Design and Outsourcing
  • MassDevice
  • DeviceTalks
  • MedTech100 Index
  • Medical Tubing + Extrusion
  • Medical Design Sourcing
  • Drug Delivery Business News
  • Drug Discovery & Development
  • Pharmaceutical Processing World
  • R&D World
  • About Us/Contact
  • Advertise With Us
  • Subscribe to Print Magazine
  • Subscribe to our E-Newsletter
  • Listen to our Weekly Podcasts
  • Join our DeviceTalks Tuesdays Discussion

Copyright © 2025 WTWH Media, LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media LLC. Site Map | Privacy Policy | RSS

Search Medical Design & Outsourcing

  • Home
  • Medical Device Business
    • Mergers & Acquisitions
    • Financial
    • Regulatory
  • Applications
    • Cardiovascular
    • Devices
    • Imaging
    • Implantables
    • Medical Equipment
    • Orthopedic
    • Surgical
  • Technologies
    • Supplies and Components Index
    • Contract Manufacturing
    • Components
    • Electronics
    • Extrusions
    • Materials
    • Motion Control
    • Prototyping
    • Pumps
    • Tubing
  • MedTech Resources
    • Medtech Events in 2025
    • The 2024 Medtech Big 100
    • Medical Device Handbook
    • MedTech 100 Index
    • Subscribe to Print Magazine
    • DeviceTalks
    • Digital Editions
    • eBooks
    • Manufacturer Search
    • Podcasts
    • Print Subscription
    • Webinars / Digital Events
    • Whitepapers
    • Voices
    • Video
  • 2025 Leadership
    • 2024 Winners
    • 2023 Winners
    • 2022 Winners
    • 2021 Winners
  • Women in Medtech
  • Advertise
  • Subscribe