Skip to main content

eServices scheduled downtime, July 11–July 13 | Fall 2025 Registration window now open. | Undergraduate Final Deadline is July 28 for fall term
Metropolitan State University (Home)

CYBR 371 Cybersecurity for Medical Devices

As medical devices become increasingly interconnected and reliant on digital technologies, they introduce new cybersecurity risks that can impact patient safety and healthcare operations. This course provides an in-depth examination of the security challenges, regulatory requirements, and risk management strategies associated with medical device cybersecurity. Students will explore the evolving landscape of medical device threats and vulnerabilities while analyzing relevant cybersecurity regulations, standards, and best practices. Through case studies, technical labs, and real-world scenarios, students will develop the foundational knowledge necessary to secure medical devices throughout their lifecycle. Topics include threat modeling, security controls, patching strategies, incident response, and emerging technologies such as artificial intelligence (AI), mobile health applications, and wearables. By the end of the course, students will be equipped with practical skills to assess, secure, and manage cybersecurity risks in medical device environments, ensuring compliance with regulatory frameworks and safeguarding patient safety.

Prerequisites

Special information

Note: Students are responsible to both be aware of and abide by prerequisites for ICS/CYBR courses for which they enroll, and will be administratively dropped from a course if they have not met prerequisites.
4 Undergraduate credits

Effective December 11, 2023 to present

Learning outcomes

General

  • Describe medical devices, their operational challenges, and the unique cybersecurity risks they pose within healthcare environments.
  • Identify and examine cybersecurity regulations, standards, guidance, and best practices to secure medical devices within an organizational cybersecurity framework.
  • Develop and apply security policies and controls for connected medical devices, integrating threat modeling, patching, and risk management strategies across the Total Product Lifecycle (TPLC).
  • Design and implement a structured approach for conducting pre- and post-market medical device security assessments, including incident response and disaster recovery planning.
  • Analyze cybersecurity risks and evaluate mitigation strategies for emerging medical device technologies, such as AI-driven systems, mobile applications, wearables, and sensitive healthcare data protection.
  • Assess and justify ethical considerations in medical device cybersecurity, including patient safety, data privacy, regulatory compliance, and responsible vulnerability disclosure.