Medical devices Hardening Workshop
RCCE students will learn medical device cybersecurity including FDA premarket and postmarket guidance, medical device network security, legacy device protection, clinical network segmentation, and healthcare IoT security. RCCE students will learn to assess medical device cybersecurity risks in clinical environments, implement network segmentation to isolate medical devices from general IT networks, manage legacy medical device vulnerabilities without disrupting patient care, comply with FDA cybersecurity guidance and HIPAA security requirements, monitor medical device communications for anomalies, coordinate vulnerability disclosure with device manufacturers, and respond to cybersecurity incidents affecting medical devices while maintaining patient safety. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. Starting from foundational concepts, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Medical devices Hardening Workshop
- Execute hands-on tasks for medical devices
- Execute hands-on tasks for hardening workshop
- Execute hands-on tasks for securing clinical technology through practical configuration hardening
- Execute hands-on tasks for knowledge goals
- Execute hands-on tasks for skill goals — covering Hands-On Outcome.
- Execute hands-on tasks for why medical device security matters
- Execute hands-on tasks for patient safety is the top priority — covering Compromised devices risk patient lives directly.
- Explain Medical Device Ecosystem Overview fundamentals
- Execute hands-on tasks for device categories — covering Infusion pumps, ventilators, imaging, Wearable monitors and implantable.
- Execute hands-on tasks for device manufacturers (mdms) — covering Hospital IT and biomedical engineering.
- Execute hands-on tasks for connectivity types — covering Wired Ethernet, Wi-Fi, Bluetooth/BLE, Serial interfaces and proprietary protocols.
- Execute hands-on tasks for wired ethernet, wi-fi, bluetooth/ble — covering Serial interfaces and proprietary protocols.
| Module 01 | Medical Devices |
| Module 02 | Hardening Workshop |
| Module 03 | Securing Clinical Technology Through Practical Configuration Hardening |
| Module 04 | Knowledge Goals |
| Module 05 | Skill Goals |
| Module 06 | Why Medical Device Security Matters |
| Module 07 | Patient Safety Is the Top Priority |
| Module 08 | Medical Device Ecosystem Overview |
| Module 09 | Device Categories |
| Module 10 | Device manufacturers (MDMs) |
| Module 11 | Connectivity Types |
| Module 12 | Wired Ethernet, Wi-Fi, Bluetooth/BLE |
| Module 13 | Data Flows |
| Module 14 | Patient health info (PHI) to EHR systems |
All hands-on labs run on Rocheston Rose X OS. Students practice medical devices hardening workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for medical devices
- Lab 2: Execute hands-on tasks for hardening workshop
- Lab 3: Execute hands-on tasks for securing clinical technology through practical configuration hardening
- Lab 4: Execute hands-on tasks for knowledge goals
- Lab 5: Execute hands-on tasks for skill goals
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Medical devices Hardening Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI