The Anatomy of Connected Medical Devices: A Non-Technical Guide to the Ecosystem

Описание: Connected medical devices aren’t just “devices with an app.” The moment you add Bluetooth, Wi-Fi, Ethernet, or even a connector you “aren’t using yet,” you add risk, regulatory scope, and long-term security obligations.

In this Friday In-Focus session, Mark Omo (Engineering Director & General Manager, Marcus Engineering) walks through the anatomy of connected medical devices in plain language: the core building blocks, common connection architectures, where data (and security keys) actually live, and why most real-world cyberattacks happen through communication channels, not physical device access.

You’ll also learn why “accidentally connected” devices are a common trap, why relying on phones for critical functions can be risky, and how to think about post-market cybersecurity as an ongoing engineering commitment—not a one-time submission deliverable.

What you’ll learn:
• What counts as a “connected device” (and why unused radios still create risk)
• The four building blocks: sensing/actuation, processing/storage, transmission, and connectivity
• Why transmission channels are the primary attack surface
• How phone-connected, gateway-connected, and hospital/internet-connected architectures differ (risk + regulatory burden)
• What can go wrong when connectivity drops—and why you must analyze those scenarios for safety
• Why custom wireless protocols often fail (and the real-world consequences)
• Practical cybersecurity expectations: hostile network assumptions, pen testing, and post-market planning
• How to bridge cybersecurity vulnerabilities with patient-safety risk management
• A preview of emerging challenges: AI behavior in medical software and “fail-safe” design

Chapters below
00:00 – Welcome & session setup
07:05 – What’s next: upcoming sessions and why this topic matters now
09:23 – Announcements: AI Forward MOV100 release party
13:37 – What “connected” really means (Bluetooth/Wi-Fi/Ethernet—even if unused)
16:10 – The four building blocks of connected devices (sensor → compute → transmit → connect)
20:05 – Where processing happens (device vs cloud) and why it changes scope
23:10 – What data is stored (PII + security keys) and why uncertainty is a red flag
27:21 – Attack surfaces: why transmission is the #1 cyber entry point
31:31 – Why custom wireless protocols are dangerous (St. Jude pacemaker example)
34:35 – Phones as controllers: reliability risks, app termination, OS/device variability
40:33 – Remote commands & overrides: designing controls around the “worst possible” command
49:43 – Tooling for non-technical teams: the connected device Q&A chatbot
52:51 – Common connection architectures (phone / gateway / hospital-internet) and risk differences
55:47 – Why cybersecurity expertise is mandatory for internet-connected devices
01:03:48 – Pen testing vs ISO 27001: what they do (and don’t) cover
01:07:23 – AI as a “fallible user”: limiting permissions and designing safe failure modes
01:10:19 – ISO 13485 V&V when interfacing with other software/devices (apps/SaMD)
01:12:45 – Third-party/off-the-shelf software validation challenges
01:13:48 – Bridging security vulnerability analysis with patient-safety risk analysis
01:14:30 – Resources, slide deck, and continued content plans
01:16:41 – Closing + engagement and follow-ups


Friday In-Focus is MLVx’s weekly webinar series—always free, always interactive—spotlighting MedTech’s most experienced thinkers and doers.

👉 Join the MLVx community: https://members.mlvexchange.com
🎟️ Use code SEAN20 to save 20% on membership.