Health-ISAC Monthly Medical Device Security blog in TechNation
Written by Phil Englert, VP of Medical Device Security, Health-ISAC
In today’s interconnected healthcare environment, the cyber resilience of medical devices is inseparable from patient safety. As cyber threats increasingly target embedded systems and clinical networks, HTM professionals are on the front lines of safeguarding device integrity.
One of the most promising tools in this effort is the Software Bill of Materials (SBOM). Much like a parts list for software, an SBOM provides visibility into the components that make up a medical device’s software stack. For HTM teams, SBOMs offer a practical, actionable way to assess risk, streamline procurement, and respond to vulnerabilities, ultimately supporting safer, more resilient care delivery.
An SBOM is a formal record of the software components, libraries, and dependencies that are included in a software product. For medical devices, this means knowing what open-source and proprietary code is embedded in the firmware, operating system, or application layer. SBOMs are machine-readable and standardized, enabling automated analysis and integration into cybersecurity workflows.
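As an added illustration (not part of the Health-ISAC post), the following script shows the kind of automated analysis a machine-readable SBOM enables: it parses a small CycloneDX JSON SBOM and flags components whose version falls below the fixed version in an advisory feed. The SBOM contents, component names and advisory identifiers are constructed placeholders, and the version comparison is a simplified assumption rather than a full implementation of any versioning scheme.

```python
import json
import re

# Constructed CycloneDX 1.5 JSON SBOM for a hypothetical device firmware (not a real product).
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "openssl", "version": "1.1.1k"},
    {"type": "library", "name": "busybox", "version": "1.36.1"},
    {"type": "library", "name": "zlib", "version": "1.2.13"}
  ]
}"""

# Constructed advisory feed with placeholder identifiers (not real CVEs):
# a component is affected when its version is below "fixed_in".
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-0001", "component": "openssl", "fixed_in": "1.1.1l"},
    {"id": "ADV-PLACEHOLDER-0002", "component": "busybox", "fixed_in": "1.36.0"},
]


def version_key(version):
    """Turn '1.1.1k' into ((1,''),(1,''),(1,'k')): numeric parts compare as integers,
    a letter suffix compares alphabetically (assumption: enough for dotted versions)."""
    key = []
    for seg in version.split("."):
        digits, rest = re.match(r"(\d*)(.*)", seg).groups()
        key.append((int(digits) if digits else 0, rest))
    return tuple(key)


def load_components(sbom_text):
    """Parse a CycloneDX JSON document and return (name, version) pairs."""
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("only CycloneDX JSON is handled here")
    # A component with no version is recorded as "" and compares lowest, so it is
    # flagged for manual review rather than silently passed.
    return [(c["name"], c.get("version", "")) for c in bom.get("components", [])]


def affected_components(sbom_text, advisories=ADVISORIES):
    """Return (advisory_id, name, version) for every component below its fix version."""
    hits = []
    for name, version in load_components(sbom_text):
        for adv in advisories:
            if adv["component"] == name and version_key(version) < version_key(adv["fixed_in"]):
                hits.append((adv["id"], name, version))
    return hits
```

Running `affected_components(SBOM_JSON)` on the constructed SBOM reports only the openssl component; busybox is already at or above its fixed version and zlib has no advisory.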