38C3 - The ongoing (silent) storm in the medical devices industry and since when cybersecurity is a

Medical technology is a heavily regulated industry and while there are very big name companies with deep pockets, small to medium manufacturers are struggling to keep up with the sheer amount of cybersecurity requirements. On top of all this, the requirements are many, qualified people are rare, and essential dependencies have shown not to be always stable.

Intro and giving a tangible sense of how heavily regulated is medical device industry
Dates and ongoing movements in the industry (eStar evolution, regulatory bodies, manufacturers, notified bodies, security companies, pentest providers)
How are the new aspects affecting new products and product updates: SBOM, threat modeling, security risk management
The long list of challenges, pitfalls and other fun aspects: legacy, embedded, certifications, SBOMs, CPEs, NVD chaos, risk management, etc.)

Haitham Abbadi

https://events.ccc.de/congress/2024/h...

#38c3

Licensed to the public under http://creativecommons.org/licenses/b...