Log4Shell Resources

General Resources

EDUCATION and Certifications

As more health-related devices connect to the internet, privacy and security challenges continue to multiply. Salve Regina University’s graduate certificate in cybersecurity and healthcare administration prepares professionals to proactively manage and mitigate against current and emerging cybersecurity threats in the health care environment.

The Biomedical Engineering (BME) Department at the University of Connecticut School of Engineering has been offering a Clinical Engineering internship program for over 25 years. The Master of Engineering in Clinical Engineering is designed and geared toward working professionals in this field.

SANS offers courses at varying levels and focused on respective sub-specialties and roles. Launched in 1989 as a cooperative for information security thought leadership, it is SANS’ ongoing mission to empower cyber security professionals with the practical skills and knowledge they need to make our world a safer place. See suggested Cyber Security Skills Roadmap.

(ISC)² is an international, nonprofit membership association for information security leaders. The HCISPP certification combines cybersecurity skills with privacy best practices and techniques. It demonstrates you have the knowledge and ability to implement, manage and assess security and privacy controls to protect healthcare organizations using policies and procedures established by the cybersecurity experts at (ISC)².

Earning the CISSP proves you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program. With a CISSP, you validate your expertise and become an (ISC)² member, unlocking a broad array of exclusive resources, educational tools, and peer-to-peer networking opportunities.

Generally available

Best Practices and Resources

The Medical Device and Health IT Joint Security Plan is the product of a task group established under the auspices of the HSCC JCWG and composed of medical technology, health IT, and health delivery organizations, as well as the FDA, to address a major recommendation of the Health Care Industry Cybersecurity Task Force report from June 2017 calling for a cross-sector strategy to strengthen cybersecurity in medical devices.

From January through April of 2021, NTIA hosted SBOM info sessions for the Energy and Bulk Power community, offering some background and more technical information around SBOM. Slides and videos are included.

The Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook outlines a framework for health delivery organizations (HDOs) and other stakeholders to plan for and respond to cybersecurity incidents around medical devices, ensure effectiveness of devices, and protect patient safety.

The MITRE Corporation, under contract to FDA, developed a rubric that provides guidance for how an analyst can utilize CVSS as part of a risk assessment for a medical device.

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues.

EDUCATIONAL Organizations

The Association for the Advancement of Medical Instrumentation (AAMI) is a nonprofit organization founded in 1967. It is a diverse community of more than 9,000 professionals united by one important mission—the development, management, and use of safe and effective health technology. 

The Healthcare and Public Health Sector Coordinating Council (HSCC) is a coalition of industry associations and their members. It has been a platform for collaboration among healthcare industry leaders and the government for more than a decade to address the most pressing security and resiliency challenges to the healthcare sector as a whole.

The Biohacking Village, a 501(c)3 organization, has built credibility across the healthcare community, established a safe space for difficult discussions, and supported researchers as they innovate. They have a large library of talks on YouTube.

NICE offers free and low-cost online educational content on topics such as information technology and cybersecurity. Some, not all, may contribute towards professional learning objectives or lead to industry certifications and online degrees. Please note that this site will continue to be updated as new information is gathered and edited for clarity and accuracy.

The European Union Agency for Cybersecurity (ENISA) has placed capacity building as a strategic objective in its new strategy. In this context, ENISA is committed to supporting and strengthening the enhancement of cybersecurity skills and competence at all levels, from non-experts to highly skilled professionals.

Books and Papers

By Axel Wirth, Christopher Gates, Jason Smith

Cybersecurity for medical devices is no longer optional. We must not allow sensationalism or headlines to drive the discussion… Nevertheless, we must proceed with urgency. In the end, this is about preventing patient harm and preserving patient trust.

With the implantation of software-driven devices come unique privacy and security threats to the human body.


Guidance Documents