

When a Vulnerability Drops: Coordinating Cybersecurity Response Across Hospitals and Manufacturers
Information
When a new medical device vulnerability is disclosed, the clock starts ticking, and the effectiveness of the response depends less on technology and more on coordination between hospitals and manufacturers. Too often, gaps in communication, unclear roles, and mismatched expectations leave healthcare organizations struggling to manage risk while waiting for fixes that may take weeks or months to arrive.
This session examines what actually needs to happen when a vulnerability drops, and how hospitals and medical device manufacturers can work together to reduce risk, maintain clinical operations, and protect patient safety. Using real-world response scenarios, we will explore the critical moments, including the notification and subsequent activities around vulnerability disclosure: how hospitals should assess exposure and implement interim mitigations, and how manufacturers can provide clear, timely guidance when patches are not immediately available.
Attendees will learn why effective vulnerability response goes far beyond issuing an advisory. Manufacturers play a key role in communicating secure configuration guidance, compensating controls, and realistic remediation timelines. Hospitals, in turn, need accurate visibility into device security capabilities, information that is often documented in the Manufacturer Disclosure Statement for Medical Device Security (MDS2) but frequently not requested or fully utilized.
The session will also address the growing challenge of legacy and end-of-support devices, where cybersecurity responsibility increasingly shifts to hospitals. We will discuss how this transition should be communicated, what risks it introduces, and how hospitals can plan for secure operation when manufacturer support ends.
Finally, the session will outline practical strategies for improving coordination before the next vulnerability hits: establishing communication pathways, defining shared responsibilities, and aligning expectations across the device lifecycle. Attendees will leave with actionable guidance to ensure that when the next vulnerability drops, response efforts are faster, clearer, and far more effective - because in medical device cybersecurity, timing and collaboration are everything.

