All MedTech Terms
380 sourced definitions covering the regulatory, quality, software, and cybersecurity vocabulary of modern medical devices.
AAMI SW96
AAMI/ANSI standard establishing requirements for medical-device cybersecurity activities throughout the lifecycle.
AAMI TIR57
AAMI Technical Information Report providing MedTech-specific guidance on cybersecurity risk management.
Common Vulnerabilities and Exposures (CVE)
A globally unique identifier for a publicly disclosed cybersecurity vulnerability.
Common Vulnerability Scoring System (CVSS)
An industry-standard 0–10 score that quantifies the severity of a software vulnerability.
Coordinated Vulnerability Disclosure (CVD)
A documented process for receiving, triaging, and responsibly disclosing security vulnerabilities reported by external researchers.
Cryptographic Agility
The designed-in ability to replace cryptographic primitives over a device's supported lifetime.
CycloneDX
A lightweight, OWASP-maintained SBOM format designed for application security and supply-chain use cases.
De-Identification of Health Data
The HIPAA-defined process of removing identifiers from PHI so the resulting data is no longer subject to the Privacy Rule.
Hardcoded Credentials
Secrets (passwords, API keys, certificates) embedded in firmware or source code shipped on every device.
Health Insurance Portability and Accountability Act (HIPAA)
U.S. federal law governing the privacy and security of protected health information.
HITECH Act (HITECH)
U.S. law that strengthened HIPAA enforcement and introduced breach-notification requirements.
HSCC Joint Security Plan (HSCC JSP)
An industry-developed reference framework from the Healthcare Sector Coordinating Council for end-to-end MedTech cybersecurity.
IEC 80001-1
International standard for risk management of IT networks that incorporate medical devices.
IEC 81001-5-1
International standard defining secure-product-lifecycle activities for health software, including medical devices.
IMDRF Principles and Practices for Medical Device Cybersecurity
International harmonized guidance on medical-device cybersecurity from the IMDRF Cybersecurity Working Group.
ISO/IEC 27001 (ISO 27001)
International standard for information security management systems (ISMS), often required of MedTech vendors by enterprise customers.
Legacy Device Cybersecurity
Cybersecurity considerations for medical devices that cannot be reasonably protected against current threats.
Manufacturer Disclosure Statement for Medical Device Security (MDS2)
A standardized form by which device manufacturers disclose security characteristics to healthcare delivery organizations.
NIST Cybersecurity Framework (NIST CSF)
A risk-based framework of cybersecurity functions and outcomes published by NIST and widely used to organize MedTech security programs.
NIST SP 800-53 / 800-171 (NIST 800-53/171)
Federal control catalogs (800-53) and CUI-handling requirements (800-171) often referenced in MedTech contracts.
Over-the-Air Updates (OTA)
Remote, network-delivered software or firmware updates to a fielded medical device.
OWASP IoT and Embedded Application Security
OWASP project resources for securing IoT, embedded, and connected medical devices.
Patchability
The designed-in ability to deploy security updates to a fielded medical device in a timely, controlled, and verifiable manner.
Penetration Testing
Hands-on adversarial testing in which qualified independent testers attempt to exploit a device's security controls.