Medical devices are potential targets of cyberattacks, and we anticipate those risks to increase and evolve over time. With the appropriate security measures in place, the therapeutic benefits of our products outweigh potential security risks. Additionally, we actively monitor the security of our products and operations, taking swift action to address vulnerabilities and safeguard patient trust.

Product security

The Medtronic approach to product security is built on three pillars:

Patient safety is non-negotiable. Medtronic products are designed to perform reliably in real-world conditions.

Medtronic proactively monitors and supports secure use of our technologies throughout their lifecycle.

We foster a strong security culture by empowering our people, collaborating with trusted partners, and advancing innovative programs.

Product security is built into everything we do.

  • Our security-by-design approach ensures that product security is integrated into our quality systems from the start. By embedding dedicated product security engineers within development teams and leveraging security subject matter experts across our businesses, we prioritize patient safety throughout the entire product lifecycle.
  • Trust through transparency is at the core of our security program. We proactively monitor for potential security signals, conduct routine testing, and maintain a coordinated vulnerability disclosure program to transparently communicate with the public.
  • We have built a strong security culture both inside Medtronic and across the medical device industry, leading security initiatives in industry groups and trade associations. Our security teams have engaged directly with the security research community through the Biohacking Village at DEFCON since 2019, and we continue to innovate on security in the medical device industry.

Medtronic partners with government agencies, industry partners, security researchers, trade associations, subject matter working groups, business partners, and vendors to enhance security efforts across the medical device and healthcare industry. Together, we shape regulatory guidance and advance security standards for the benefit of patients worldwide.

Cyber and information security

Protecting information is critically important to Medtronic. We have strong processes, technologies, and people in place to safeguard our information and systems, the information of our business partners, and most importantly, the safety and security of the patients and healthcare providers who rely on our products.

While no system of security can guarantee 100 percent protection, we take a layered security approach with dedicated resources and processes to help prevent, detect, and respond to cyber threats.

Our approach is grounded in globally recognized standards.

We align our infrastructure cybersecurity practices with the International Organization for Standardization/International Electrotechnical Commission’s 27000 series (ISO/IEC 27000) and with the NIST Cybersecurity Framework. We have compliance and development programs in place for the healthcare technology devices, systems, and services that meet applicable medical device regulatory requirements.

Key focus areas include:

  • Governing laws, standards, and compliance requirements
  • Architecture and standards
  • Security operations/intelligence
  • Physical security
  • Human factors and security culture
  • Communications and network security
  • Product and device security