UL logo
Empowering Trust™

Medical Device Cybersecurity: Combining Standards with the Hacker Mindset

Cybersecurity for Medical Devices

Tuesday, July 9, 2019 | 10 AM Central Time

In this one-hour webinar, we discuss various aspects of medical device cybersecurity and how attackers develop exploits to attack devices, and how it’s a lot easier than you’d think. We’ll also talk about how you can use this knowledge to more efficiently approach cybersecurity in medical device designs and standards compliance to the FDA Recognized UL 2900 family of standards. This is particularly important for manufacturers preparing to submit new network-connected devices and software into HDO procurement processes and into regulatory processes such as the US FDA 510(k) submission process or to meet other country-specific needs such as those of Health Canada, the MFDS in Korea, or NMPA in China.

  • What has happened in healthcare
  • How do the attackers do it
  • UL 2900 testing to establish a baseline of cybersecurity hygiene. 
    • The relationships among Basic Safety, Security, and Essential Performance
    • The role of process standards in UL 2900 testing (ISO 13485, ISO 14971, IEC 80001, IEC 62304)
    • QMS, RM, and SDLC processes can be used to address security Weaknesses and Vulnerabilities
  • How testing can promote defensive design
Click here to register. If you are unable to attend, you will receive a recording of the webinar. 


Anura Fernando, MSE
Chief Innovation Architect
Medical Systems Interoperability and Security, UL LLC.

Mr. Fernando currently has global responsibility for medical device software certification programs at UL and serves as UL’s technical lead for the development of the AAMI/UL 2800 family of standards for interoperable medical device safety and platform security, and the UL 2900-2-1 product-testing focused cybersecurity standard for healthcare. He also represents the U.S. in many international standards development efforts.

He has served on the US Department of Health and Human Services Cybersecurity Task Force, FDA Safety and Innovation Act (FDASIA) working group, FDA Medical Device Interoperability Coordinating Council, Medical Device Interoperability Safety Working Group, IECEE Expert Task Force, NIH QMDI Program Advisory Committee, NIH PRISM Industry Expert Committee, et al. He has been a longstanding member of the Association for the Advancement of Medical Instrumentation, Health Information Management Systems Society, and the International Council on Systems Engineering.

Mr. Fernando also leads UL’s cybersecurity collaboration efforts with the U.S. Department of Veterans Affairs and co-chaired the UL-VA Cybersecurity Cooperative Research and Development Agreement (CRADA) project.

In addition to holding degrees in Electrical Engineering, Biology/Chemistry, and Software Engineering, and having clinical medical experience, Mr. Fernando has over 21 years of experience at UL with safety critical software and control systems’ certification as well as with designing and developing laboratory test automation systems. His safety and security research spans multiple application domains – industrial automation, alternative energy, medical / laboratory, explosive atmospheres, bio-fuels, appliances, optical radiation, nanotechnology, and battery technologies, and includes research publications on predictive modeling and risk analysis, cybersecurity, systems of systems, software, Health IT, apps, wearables, interoperability, and medical device safety.

In addition to his research, Mr. Fernando manages multiple projects for bringing innovative new technologies to the market with numerous Fortune 500 companies as well as start-ups, DoD, DoE, DHS, FDA, FCC, ONC, NASA, and several U.S. National Laboratories.

Stephanie Domas
Vice President of Research and Development, MedSec.

In this role, she leads the development of cybersecurity products and services to support healthcare delivery organizations and medical device manufactures on design, architecture, verification, security risk management, regulatory filings, penetration testing, and execution of security best practices in the development of medical devices as well as vulnerability and asset management of connected medical devices in healthcare delivery organizations.

Ms. Domas is a registered Professional Engineer (PE), and a Certified Ethical Hacker (CEH). She sits on several standards committees involved in furthering cybersecurity for medical products, she has given a TEDx talk on medical product security and frequently publishes articles on healthcare cybersecurity topics.

Small header, 6 words or less recommended

General single column text area spanning width of page with 500-character count sample length. Text may contain bullets, numbered lists, text links. Here is a great place to use our messaging framework. UL applies science and objective authority to help people navigate market risk and complexity, and advance the responsible development, production, marketing, and use of the world’s products and innovations.

  • Enhance sustainability
  • Build workplace excellence
  • Protect brand reputation
  • Advance societal well-being
  • Deliver quality and performance
  • Confirm conformance
  • Demonstrate safety
  • Manage transparency
  • Strengthen security
Feature call-out box text, 10 words/80 characters recommended