The ongoing (silent) storm in the medical devices industry and since when cybersecurity is a thing (38c3)

Medical technology is a heavily regulated industry and while there are very big name companies with deep pockets, small to medium manufacturers are struggling to keep up with the sheer amount of cybersecurity requirements. On top of all this, the requirements are many, qualified people are rare, and essential dependencies have shown not to be always stable. - Intro and giving a tangible sense of how heavily regulated is medical device industry - Dates and ongoing movements in the industry (eStar evolution, regulatory bodies, manufacturers, notified bodies, security companies, pentest providers) - How are the new aspects affecting new products and product updates: SBOM, threat modeling, security risk management - The long list of challenges, pitfalls and other fun aspects: legacy, embedded, certifications, SBOMs, CPEs, NVD chaos, risk management, etc.) Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/the-ongoing-silent-storm-in-the-medical-devices-industry-and-since-when-cybersecurity-is-a-thing/