The Evolving Landscape of Medical Device Cybersecurity: Insights from Phil Englert
In the realm of healthcare, the integration of technology and medical devices has transformed patient care, yet it has also introduced complex cybersecurity challenges. Recently, Phil Englert, the vice president of medical devices at the Health Information Sharing and Analysis Center (Health-ISAC), shed light on the current state and future prospects of medical device cybersecurity during an interview at the HIMSS 2026 conference held in Las Vegas, Nevada.
Englert emphasized the ongoing struggle faced by both manufacturers of medical devices and healthcare delivery organizations. The intricacies involved in safeguarding these critical devices have proven to be daunting. However, he noted that there are positive developments on the horizon that may alleviate some of the pressing concerns in this area. A notable advancement is the growing comfort among manufacturers to share software bills of materials (SBOMs). This transparency is essential as it allows hospitals and healthcare systems to understand the components that are embedded within their medical devices.
This shift is particularly significant when vulnerabilities such as the recently highlighted SweynTooth are discovered. “When devices like SweynTooth emerge, hospitals can efficiently scan their asset and sub-asset management systems to identify which devices may contain the affected component,” Englert remarked. This capability is vital because it enables healthcare organizations to respond proactively to cybersecurity threats, ensuring patient safety and system integrity.
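The lookup Englert describes can be sketched as follows. This is an added example, not code from the interview or from Health-ISAC: the asset IDs, component names, versions and the advisory's affected range are all constructed, and the SBOM shape loosely follows CycloneDX's nested `components` arrays. It also flags entries whose version is missing, since those cannot be cleared automatically.

```python
import json

# Constructed inventory: asset ID -> CycloneDX-style SBOM (all names/versions made up).
INVENTORY = json.loads("""{
  "PUMP-0012": {"components": [
    {"name": "rtos-kernel", "version": "4.2.0"},
    {"name": "radio-module", "version": "1.0", "components": [
      {"name": "example-ble-sdk", "version": "2.1.3"}]}]},
  "MON-0450": {"components": [{"name": "Example-BLE-SDK", "version": "3.0.0"}]},
  "GLUC-0007": {"components": [{"name": "example-ble-sdk"}]}
}""")

# Constructed advisory: affected when first_affected <= version < fixed_in.
ADVISORY = {"component": "example-ble-sdk", "first_affected": "2.0.0", "fixed_in": "2.2.0"}


def parse_version(text):
    """Turn '2.1.3' into (2, 1, 3); return None unless it is purely dotted integers."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None


def walk(components, path=()):
    """Yield (path, component) for every component, including nested sub-components."""
    for comp in components or []:
        here = path + (comp.get("name", "?"),)
        yield here, comp
        yield from walk(comp.get("components"), here)


def find_affected(inventory, advisory):
    """Return sorted (asset_id, component_path, status) rows matching the advisory."""
    lo = parse_version(advisory["first_affected"])
    hi = parse_version(advisory["fixed_in"])
    rows = []
    for asset_id, sbom in inventory.items():
        for path, comp in walk(sbom.get("components")):
            if comp.get("name", "").lower() != advisory["component"].lower():
                continue
            ver = parse_version(comp.get("version"))
            if ver is None:
                # Version missing or unparseable: cannot be cleared, needs manual review.
                rows.append((asset_id, "/".join(path), "review"))
            elif lo <= ver < hi:
                rows.append((asset_id, "/".join(path), "affected"))
    return sorted(rows)
```

Calling `find_affected(INVENTORY, ADVISORY)` reports the pump, whose affected SDK sits inside a sub-component, and the device with no recorded version, while the monitor running a fixed release is left out.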
The landscape of regulatory oversight has also evolved, thanks to new regulations from the U.S. Food and Drug Administration (FDA). As of 2023, medical device manufacturers are mandated to provide a comprehensive software bill of materials for all commercial, open-source, and off-the-shelf components as part of their pre-market submissions. This requirement aims to enhance the transparency and security of medical devices before they reach the market.
Englert believes that the combination of detailed SBOMs and the emergence of artificial intelligence-enabled tools will revolutionize the management of medical devices. “When we pair high-quality SBOMs with advanced AI tools, addressing vulnerabilities will become much more manageable,” he stated. The implications of this integration are profound; it offers a pathway to not only respond to current cybersecurity threats but also to bolster the overall resilience of medical device infrastructures.
During the interview, Englert delved into several critical topics beyond the regulatory changes and technological advancements. He discussed the inherent complexities that make medical device cybersecurity such a challenging arena for manufacturers and healthcare organizations alike. Cybersecurity threats are not only technologically sophisticated but also increasingly prevalent, posing significant risks to patient data and device functionality.
Furthermore, the impact of the FDA’s enhanced regulatory authority was addressed. The new regulations empower the FDA to mandate specific cybersecurity measures that must be implemented by manufacturers. This shift represents a significant commitment from regulatory bodies to prioritize cybersecurity in the medical device sector. By creating a framework that insists upon cybersecurity considerations at the forefront of product development, the FDA is fostering a culture of proactive security.
Lastly, Englert highlighted the most promising developments he has observed within medical device innovation. The fusion of cybersecurity practices with innovative technological approaches not only fortifies device security but also enhances the functionality of these devices. As manufacturers become increasingly collaborative in sharing information about the components of their devices, the barriers that previously hindered effective cybersecurity strategies are slowly being dismantled.
Phil Englert’s extensive background in healthcare and cybersecurity provides him with unique insights into this critical field. With over 30 years of experience, including roles as chief product officer for MedSec and global leader for medical device cybersecurity at Deloitte, he has been at the forefront of addressing cybersecurity challenges in healthcare.
As the industry moves forward, it is clear that the collaboration between manufacturers, healthcare systems, and regulatory bodies will be essential. With the right tools, transparency, and regulatory support, the path toward improved medical device cybersecurity is becoming increasingly viable. The insights shared by Englert reflect a cautious optimism for the future of healthcare technology, where enhanced security measures will go hand in hand with innovative advancements in medical device functionality.

