Medical Device Cybersecurity 101 for HTM Professionals

Upcoming Courses


Today the news is inundated with stories about cybersecurity compromised businesses, public services, and government operations.  Among those we often hear as being compromised are hospitals and healthcare-related organizations.  When compromises to healthcare organizations do occur, they have frequently shut down a department’s or an entire organization’s operations so that their ability to deliver healthcare and even patient safety can be adversely affected in a severe way.

While advancements in medical technology in recent years have led to great improvements in healthcare delivery, those same technology advancements are also creating new cybersecurity risks that, if not properly mitigated, could produce disastrous effects for healthcare organizations and their patients.  The first step in mitigating the growing cybersecurity risks associated with medical technology is to educate the CE/HTM community.


Over six hours and 22 sessions, the AAMI Medical Device Cybersecurity Educational Program for HTM Professionals is designed to provide attendees with:

  • a general understanding of today's growing cyber threat landscape as well as cybersecurity concepts and terminology
  • an appreciation of the medical device cybersecurity risks that exist today
  • an understanding of the processes necessary for implementing an effective medical device security risk management program
  • a familiarity with regulations as well as appropriate standards and guidances associated with medical device security and how they should be applied
  • the ability to integrate medical device cybersecurity effectively into an organization’s other information security processes and the organization’s emergency plan


Virtual Training Information

Our virtual training environment allows you to have direct interaction with your instructors and your fellow attendees. AAMI uses Zoom for virtual classes. You can test your connectivity and ability to use Zoom at
For virtual training courses, we request that you register at least one week in advance of the course start date to allow sufficient time for shipping of training materials and devices (Please allow two weeks for non-U.S. addresses). If you register within these time frames, AAMI cannot guarantee you will receive material prior to the start of the course but you will have access to digital versions of the materials. If you have any questions, please email


Stephen Grimes

Stephen L. Grimes

Mr.  Grimes is recognized as one of the industry’s first and more prominent experts on the issue of medical device security.  He originally drew the industry’s attention to the growing risks associated with medical device security compromises through a series of articles, presentations and national symposia beginning in 2001.  In 2004, Mr. Grimes authored the ACCE/ECRI Information Security for Biomedical Technology:  A Compliance Guide … the industry’s first definitive guide for healthcare delivery organizations (HDOs) on identifying and mitigating medical device security risks.  Also, in 2004, he conceived of and managed the development of the Manufacturer’s Disclosure Statement for Medical Device Security (MDS2) while chairing HIMSS’ Medical Device Security Task Force.  He later participated on the NEMA standards committees that led to the adoption of the 2005 and 2013 versions of the MDS2 as formal industry standard.  He also served as a member of the US/TAG to ISO/TC 215 HEALTH INFORMATICS and Joint Working Group 7 that developed the 2010 ISO/IEC/AAAMI standard IEC 80001-1: Application of risk management for IT-networks incorporating medical devices.
recently he co-edited the Medical Device Cybersecurity: A Guide for HTM Professionals” published by the Association for the Advancement of Medical Instrumentation (AAMI) in May 2018. Over the years to the present, Mr. Grimes has continued to speak and write on how healthcare delivery organizations (HDOs) need to address the evolving medical device security threat.  During his eight-year tenure (2007-2015) at ABM Healthcare Support Services in the capacity of Chief Technology Officer and senior consultant, he has also developed programs, procedures and tools for that organization’s 300+ clients (with medical device inventories totaling over 500,000) that addressed data security management in the device life cycle.  He has co-taught a Medical Device CyberSecurity course to graduate clinical engineering students at the University of Connecticut since 2019.
Axel Wirth

Axel Wirth

As internationally recognized expert on the topic of Medical Device Cybersecurity, Axel Wirth has been a longstanding contributor to the healthcare industry. Through his participation in many working groups and his extensive body of work through publications and presentations, he has helped advance the common understanding of cybersecurity in general and in specific in the medical device ecosystem. Especially his long-standing focus on education and enablement has helped many to deepen their understanding of the topic.  
He is an active participant in industry and standards organizations, serves on boards and committees, and is a frequent speaker on subjects such as healthcare cybersecurity and privacy, medical device security, regulatory compliance, and related healthcare-specific topics. Wirth is the Chief Security Strategist at MedCrypt and as adjunct professor, he teaches a Medical Device Cybersecurity course at the University of Connecticut clinical engineering graduate program as well as guides healthcare-focused cybersecurity startup companies as an advisory board member. 
In recognition of his accomplishments, he has been awarded the “2018 ACCE/HIMSS Excellence in Clinical Engineering & IT Synergies Award” and the “ACCE 2019 Clinical Engineering Advocacy Award” as well as has been recognized as a Fellow by AAMI (Association for the Advancement of Medical Instrumentation) and HIMSS (Healthcare Information and Management Systems Society).