How Medical Device Cyber Challenges Could Become Easier

Attack Surface Management , Healthcare , Industry Specific How Medical Device Cyber Challenges Could Become Easier Phil Englert of Health-ISAC on Promising Developments Marianne Kolbasuk McGee (HealthInfoSec) • March 12, 2026     15 Minutes    Share Post Share Credit Eligible Get Permission Audio Player 00:00 00:00 Use Up/Down Arrow keys to increase or decrease volume. Phil Englert, vice president of medical devices, Health-ISAC (Image: Health-ISAC) Medical device cybersecurity challenges are among the most complex for manufacturers and healthcare delivery organizations, but there are some promising developments underway that could help ease the pain, said Phil Englert, vice president of medical devices at the Health Information Sharing and Analysis Center. "As manufacturers are becoming more comfortable in sharing software bills of materials, and hospitals and healthcare systems know what components are in their medical devices, when things like SweynTooth come out, they can then scan their asset and sub-asset management systems and identify which devices may have this component," Englert said in an interview with Information Security Media Group during the HIMSS 2026 conference in Las Vegas, Nevada. Under U.S. Food and Drug Administration regulations that went into effect in 2023, medical devices makers are required to provide a software bill of materials for commercial, open-source and off-the-shelf components of their "cyber devices" as part of their pre-market submission. When pairing medical device SBOMs with evolving artificial intelligence enabled tools, Englert said the management of medical devices, including addressing vulnerabilities, will become easier. "The more consistent and high-quality SBOMs we get, the more effective we will be in managing and maintaining the resilience of our medical device infrastructure." In the interview (see audio link below photo), Englert also discussed: What makes medical device cybersecurity so challenging for manufacturers and healthcare delivery organizations; The impact of the FDA's enhanced regulatory authority over medical devices cybersecurity; Most promising developments involving medical device innovation. Englert, vice president of medical device security at the Health-ISAC, has over 30 years of technical and operational leadership experience in healthcare and life sciences. He was previously the chief product officer for MedSec, a cybersecurity consulting and services firm that focuses on hospitals and medical device manufacturers. Prior to that, he served as global leader for medical device cybersecurity at Deloitte, where he led client engagements developing medical device security programs.