Your browser is out of date

With an updated browser, you will have a better Medtronic website experience. Update my browser now.

×

Skip to main content

Medical devices are potential targets of cyberattacks, and we anticipate those risks to increase and evolve over time. However, Medtronic firmly believes that the therapeutic benefits of our products far outweigh any potential security risks. We continuously monitor the ongoing security of our products and operations and take appropriate action to address vulnerabilities.

Product security

Medtronic’s Global Product Security Office approach is two-fold:

  • We embed subject-matter security experts within each operating unit. The product security program practices are executed by security subject matter experts within the businesses and are supported by an enterprise-wide, cross-functional team. This enables Medtronic to embed security considerations into the full product lifecycle. This structure provides product security governance and oversight and allows for the establishment of policies and procedures that apply across our wide range of therapies and geographies. Additionally, the product security program is supported by rigorous quality processes managed by our Enterprise Quality organization.
  • We have an integrated enterprise-wide security team that works across the entire organization. The Product Security Office is integrated into Medtronic’s Enterprise Quality organization. This team works cross-functionally across the business to provide broad security expertise, governance, and oversight on product security issues. They proactively share information to foster a culture of learning and best practices across a global organization and augment the security experts within each business unit by providing resources to conduct independent and expert security consultation. Additionally, the team oversees and manages the coordinated vulnerability disclosure program.

Externally, Medtronic works closely with government agencies, industry partners, security researchers, trade associations, subject matter working groups, business partners, and vendors to enhance security efforts across the medical device and healthcare industry and to inform and shape the guidance and regulatory landscape.

Information security

Two male employees look at the same computer screen.

Protecting information is critically important to Medtronic. We have strong processes, technologies, and people in place to safeguard and to protect our information and systems, the information of our business partners, and most importantly, the privacy and safety of the patients and healthcare providers that use our products.

While no system of security can provide 100 percent protection, we take a layered approach to security with dedicated resources and processes to help prevent, detect, and respond to cyber threats.

We align our oversight and management of infrastructure cybersecurity based on the International Organization for Standardization/International Electrotechnical Commission’s 27000 series (ISO/IEC 27000) and to the NIST Cybersecurity Framework. We have compliance and development programs in place for the healthcare technology devices, systems, and services we sell consistent with applicable medical device regulatory requirements, some of which are listed below:

  • Governing laws, standards, and compliance requirements
  • Architecture and standards
  • Security operations/intelligence
  • Physical security
  • Human factors and privacy/security culture
  • Communications and network security
  • Product and device security