Medical device cybersecurity has traditionally focused on the device itself - designing with security in mind, managing vulnerabilities, and ensuring compliance through the premarket and postmarket phases. But looking at the entire product lifecycle, the complexities of cybersecurity risks of operational technologies (OT) used to manufacture medical products has been overlooked.
The FDA’s recent whitepaper, Securing Operational Technologies and Equipment Used for Medical Product Manufacturing, brings long-overdue attention to this risk. In an era of connected production lines, Industrial Internet of Things (IIoT), and complex global supply chains, a compromise at the manufacturing level could be just as harmful as a device vulnerability discovered in the field.
Why OT Cybersecurity Is in the Spotlight
The convergence of IT and OT is not new to industries like aerospace, automotive, or energy. These sectors have long recognized the security implications of blending physical systems with digital control layers. OT-specific protocols, network segmentation, and supply chain visibility are standard practice.
But in the medical products industry, OT cybersecurity is still catching up. Production networks are often cobbled together with legacy equipment, commercial off-the-shelf (COTS) systems, and complex vendor relationships. Many OEMs rely on third-party manufacturers or contract manufacturers (CMs) that operate semi-independently - and with varying levels of security maturity.
Quick fixes like disabling Wi-Fi or enforcing air-gapped networks are sometimes seen as a stopgap, but these can inadvertently:
- Hinder necessary remote support or software updates
- Prevent secure provisioning workflows that require online access
- Create a false sense of security while lateral movement through other interfaces remains possible
The reality? Turning off connectivity doesn't eliminate risk - it just obscures it.
What the FDA Whitepaper Signals
While the whitepaper is not formal guidance, it is a clear signal: FDA is widening its lens on where cybersecurity matters. Just as the 2025 Final Premarket Cybersecurity Guidance clarified expectations for device design, and the 2016 Postmarket Guidance focused on lifecycle management, this whitepaper fills in the missing middle - the manufacturing environment.
It outlines challenges like:
- Lack of visibility into device and network behavior
- Lack of control over increasingly complex and opaque infrastructure
- The risk posed by poorly configured or unpatched COTS components
And it proposes familiar yet essential practices:
- Zone and conduit segmentation
- Three-tier network architecture
- SBOMs and network documentation
- Use of security frameworks like NIST, FIPS, and CISA guidance
Medcrypt’s Perspective: Secure Products Require A Secure Factory Floor
At Medcrypt, we believe safe medical devices require a holistic cybersecurity approach across the entire value chain. You can design the most secure device in the world, but if it’s produced in a compromised environment, all bets are off.
One of the critical production-stage risks is cryptographic key provisioning.
Encryption keys underpin everything from device authentication and secure updates to patient data protection. These keys are often generated and injected during manufacturing—making the OT environment a high-value target. A breach at this stage could:
- Cause legitimate devices to fail in the field due to failed authentication
- Expose secret keys, compromising every deployed device tied to that key
- Trigger recalls, patient safety incidents, and regulatory scrutiny
Medcrypt’s Guardian platform was built to address this. It provides:
- Secure key generation and provisioning—even across third-party manufacturers
- Key hierarchies that limit blast radius if a compromise occurs
- Cryptographic transparency aligned with FDA and industry best practices
This ensures that even in complex contract manufacturing setups, OEMs maintain cryptographic control - not just over their designs, but over the trust anchors embedded in their products.
The Buyer’s POV: Security Drives Decisions
While regulators and medical device manufacturers continue to raise the bar on cybersecurity, we also notice a shift in device operators’ awareness. As medical device connectivity and software directly impact operational capability, buyers are increasing their focus on security during the purchasing process and indicated willingness to pay a higher price for security,
RunSafe’s 2025 Medical Device Cybersecurity Index provides the supporting data and makes clear that security is no longer an IT issue - it is becoming a procurement requirement.
- 46% of healthcare organizations have declined medical device purchases due to cybersecurity concerns
- 79% are willing to pay a premium for runtime protection or built-in exploit prevention
- Only 12% expect advanced security at no additional cost
Hospitals and health systems are demanding transparency through SBOMs, built-in security features, and assurance that devices were produced securely - not just designed securely.
Conclusion: OT Security Isn’t Optional - It’s Operational
The FDA’s whitepaper may not yet be regulatory guidance, but it’s a window into the agency’s thinking—and the broader evolution of medical device oversight.
For manufacturers, this means the bar is rising:
- Secure your OT environments—whether in-house or through partners
- Treat provisioning infrastructure with the same rigor as clinical validation
- Adopt frameworks that are already common in adjacent industries
Because in the end, devices are only as trustworthy as the environment that built them.
