Case Study medical devices by Ben Kokx - Philips

Medical devices are a heavily regulated domain with a long-standing focus on safety. Establishing good security practices is a challenge because of the different mindsets and vocabulary, lack of domain specific security standards, the different regulatory frameworks and customer expectations.

Cybersecurity requirements are included in the new European Medical Device Regulation, but what does ‘state of the art’ mean? How to deal with the patchwork of regulations that (indirectly) define security requirements for a single product such as GDPR, NIS and other regulations? Can standards help?

Establishing cyber resilience is not just the role of the manufacturer but also the user has a role to play. Security is a shared responsibility, but how can we frame this, what information needs to be shared?

Regulators, hospitals, manufacturers, notified bodies and standard development organizations are all on a joined journey to find the answers for the cybersecurity challenge.

During this session Ben Kokx will explain how Philips is addressing some of these issues and of their involvement in jointly shaping the way forward. Read more about this and other sector case studies.

View the slides of this presentation

About Ben Kokx

Director Product Security at philips

Ben Kokx joined Philips Healthcare in 2001 as a software designer for the interventional X-Ray business unit, and soon became responsible for the security features of these products. Ben is a member of the Philips Healthcare global product security team since the start of the program in 2003. Over the years, he worked as a product security and privacy officer in both business and market positions. Since 2012, Ben works in the central Product & Services Security Office where he, as Director of Product Security, is responsible for the product security policies, processes and standards across the Philips organization.

Ben is an eHealth security expert and leads several security related work groups within ISO/IEC, CEN/CENELEC and industry associations.