The rapidly evolving landscape of technology poses significant risks for the longevity and security of medical devices, which often remain in use for extended periods. Joern Lubadel, the global head of product security at B. Braun, a prominent German medical device manufacturer, underscored this concern during a recent interview with Information Security Media Group at the HIMSS 2026 conference in Las Vegas, Nevada. Lubadel highlighted that medical devices are typically designed to last a decade or longer, making them particularly vulnerable in a world increasingly defined by quantum computing advancements.
According to Lubadel, the extensive investment required for medical devices means their operational lifespan can range from five years to over 25 years. This durability adds an additional layer of complexity when addressing the security vulnerabilities brought on by advancements in quantum computing. “These devices heavily rely on classical encryption techniques, such as RSA (Rivest-Shamir-Adleman) or ECC (Elliptic Curve Cryptography),” he explained. Unlike conventional computers, medical devices do not have the same capability for easy updates or replacements. It is impractical to simply remove these devices from healthcare settings, complicating efforts to ensure security against emerging threats.
To mitigate risks, Lubadel urged healthcare delivery organizations to proactively assess their inventories of medical devices. He recommended developing a “cryptographic bill of materials,” which would provide a comprehensive overview of existing encryption methods and their vulnerabilities. “This can be started now. There’s no reason you shouldn’t have that,” he emphasized, pointing out that preparedness in the face of emerging quantum threats is not only possible but necessary.
The discussion also delved into the broader spectrum of post-quantum concerns faced by entities within the healthcare sector. Lubadel referred to potential threats that could arise from the intersection of artificial intelligence and medical device cybersecurity. With the integration of AI in healthcare technologies, the implications for security challenges are vast and complex. The interview highlighted the imperative for organizations to adapt and fortify their cybersecurity measures, considering the unique vulnerabilities linked to both traditional and cutting-edge technologies.
Another critical aspect discussed involved the risks posed by new and evolving medical devices, particularly those that are implantable. As technologies advance, the landscape of medical devices becomes increasingly intricate, making risk management efforts even more challenging. The implications of these emerging technologies necessitate rigorous assessment strategies to safeguard patient data and device integrity.
Joern Lubadel’s extensive experience spans over 25 years in healthcare IT and product security, equipping him with a profound understanding of the nuances involved in medical technology and regulatory environments. His role at B. Braun includes a focus on implementing security by design throughout the product lifecycle. This commitment to fostering safe, compliant, and scalable solutions plays a pivotal role in enhancing the overall security framework for medical devices.
Furthermore, Lubadel actively contributes to international working groups and standards bodies, including organizations such as ISO and DIN. His involvement in industry associations like MedTech Europe and APACMed underscores his dedication to addressing cybersecurity concerns and translating them into actionable regulatory and engineering strategies. By collaborating with these organizations, Lubadel aims to strengthen global standards and best practices, ultimately enhancing the security measures that protect patients and healthcare providers alike.
In summary, as the healthcare industry grapples with the implications of emerging quantum computing technologies, the importance of proactive cybersecurity measures for medical devices cannot be overstated. Joern Lubadel’s insights serve as a compelling call to action for healthcare organizations to reassess and fortify their defenses against future threats, ensuring that the longevity and safety of medical devices are preserved in an increasingly complex technological environment. With the potential risks presented by both traditional and advanced medical technologies, the adoption of robust security practices is essential for safeguarding the future of healthcare.