Skip to content

Secure Development in Medicine

Cybersecurity for connected medical devices and medical device software

Heilbronn University of Applied Sciences (HHN) | Faculty of Computer Science

This module is part of the certificate ”Secure Development of Medical Information Systems”

Teaching Language: German

Workload: 0h presence / 42h online / 138h self-study = 180h total1 (6 ETCS)

Target Group: Master’s students in medical informatics and medical engineering

Pretty young student studying at home sitting at her dining table with a large binder of notes checking something on the screen of her laptop computer
top view of Medicine doctor hand working with modern computer and smart phone on wooden desk as medical concept-1
Focused classmates studying together and using laptop in library

Consultation & Registration:
If you have any questions, please do not hesitate to contact us:

Form of teaching: Assignments incl. group work, literature and scientific articles for self-study, final exam  

Nowadays, more and more diagnostic and therapeutic functionality are realized „in silico“: software becomes a medical device. Medical devices are regulated worldwide in order to ensure safety, reliability and effectiveness. Another big trend is interconnectivity of medical devices. Unfortunately this gives attackers the opportunity to exploit existing vulnerabilities.

Therefore, regulatory agencies worldwide consider security more and more as an integral part of the product lifecycle. Many software-based medical devices do not have adequate security precautions, e.g. implantable pacemakers and insulin pumps (Rios and Butts, 2018). This module addresses these shortcomings and enables learners to build secure software for medical devices.

Learning Objectives

In this module, security measures and activities for each phase of the software development cycle are presented, discussed and practiced using an example from the field of "medical device software".

Topics covered include:

          • Secure SW development cycle (e.g. the Microsoft Secure Development Lifecycle)

          • Specification of security requirements, misuse cases and attack trees

          • Threat modeling and best practice countermeasures

          • Risk-based assessment of threats (e.g. according to the OWASP Risk Rating Methodology)

          • How to implement security in requirements analysis, design and on code level

          • Common vulnerabilities, basic security design principles and best security practices

          • Hacking of vulnerable applications

          • Secure implementation of critical software building blocks (e.g. 2-factor authentication) that are frequently required

          • Security tests

          • Secure SW deployment, secure operation and post-market security


Introduction Bibliography:

Rios, B., and Butts, J. (2018). Understanding and Exploiting Implanted Medical Devices. Black Hat USA 2018, Las Vegas, Nevada, USA.


1The times serve as rough orientation. The real times may differ.