Printable versionSend by emailPDF version
October 1, 2018

The Medical Device Innovation Consortium (MDIC) is the first non-profit public-private partnership created with the sole objective of advancing medical device regulatory science. As part of that mission, the MDIC retained Debevoise & Plimpton LLP (Debevoise) and Alvarez & Marsal (A&M) to prepare this report encouraging the adoption of coordinated vulnerability disclosure (CVD) policies by medical device manufacturers (MDMs) in an effort to promote medical device cybersecurity and patient safety. 

CVD policies establish formalized processes for obtaining cybersecurity vulnerability information, assessing vulnerabilities, developing remediation strategies, and disclosing the existence of vulnerabilities and remediation approaches to various stakeholders—often including peer companies, customers, government regulators, cybersecurity information sharing organizations, and the public. 

This report addresses the importance of CVD policies for MDMs and stakeholders across the medical device ecosystem, including the creation of publicly available online portals to solicit vulnerability information.

Click here to access the full report >