Health Sector Coordinating Council’s Recommendations for Enhanced MedTech Cybersecurity Receives Further Industry Endorsement

 // News

April 19  

Velentium’s Director of Product Security helped draft industry standard

HOUSTON, TX – April 19, 2022 – Velentium, a professional engineering firm that specializes in the design and manufacturing of therapeutic and diagnostic active medical devices, announced today its support for new recommendations published by the Health Sector Coordinating Council’s Cybersecurity Working Group (CWG). Published in early March, “Model Contract Language for Medtech Cybersecurity (MC2)” is a new template for agreeing on cybersecurity contractual terms and conditions to reduce cost, complexity and time in the contracting process, while improving overall patient safety.

“Velentium welcomes this new tool into the med-tech arena, as it ultimately protects all parties involved in the healthcare process – from designers and manufacturers, to healthcare delivery organizations, to patients,” said Christopher Gates, Velentium’s Director of Product Security, who is a member of CWG. “The industry recognizes the complicated and uneven relationship and expectations between Medical Device Manufacturers (MDMs) and Health Delivery Organizations (HDOs), leading to potential patient safety implications. This template should begin to alleviate those tensions and lead to better solutions.”

“The HSCC’s Cybersecurity Working Group approached this project from a philosophy of continuous improvement,” Gates added, noting the broad consensus that the group had solicited from public sector cybersecurity organizations tasked with securing the nations critical infrastructure, in addition to the private sector collaboration it elicited from both MDMs and HDOs.

Two years in the making, this new Model Contract Language offers a reference for shared cooperation and coordination between HDOs and MDMs regarding the security compliance, management, operations, and services pertaining to medical devices, solutions, and connections. It deliberately avoids references to specific technologies and standards, instead pointing contract negotiators toward current resources and regulations. This approach helps ensure the MC2 remains forward-compatible with rapidly evolving technologies and legal innovations, such as the FDA’s recent update to its premarket submissions draft guidance on medical device cybersecurity.

Cybersecurity is a significant portion of Velentium’s service offering. In 2020, the company published the bestselling textbook Medical Device Cybersecurity for Engineers and Manufacturers, co-authored by Gates, with a similar goal of educating the industry on the vital need for a consistent focus on the topic, and the risks to patients, HDOs, and MDMs should cybersecurity continue to be treated as an afterthought. Shortly thereafter, Velentium designed and launched a formal training program on how to implement cybersecurity best practices and processes during design, development, production, and supply chain management, as well as pre- and post-market activities.

“Velentium’s clients understand that they have to design their medical device solutions with security in mind, right from the start of the project,” said Dan Purvis, co-founder and CEO of Velentium. “Materials like our textbook, training course, and the CWG’s model contract language allow all parties to understand their responsibilities. As there continues to be more uniformity and predictability between MDMs, HDOs, and group purchasing organizations in cross enterprise cybersecurity management expectations, the overarching results will be patient safety and a more secure and resilient healthcare system.”

To learn more about the Model Contract Language and how MDMs and HDOs can start utilizing this new tool, watch Velentium’s blog or social media for announcement of an upcoming webinar featuring Greg Garcia, Executive Director for Cybersecurity at the HSCC; Michelle Bentley, Manager of Security Resilience at Mayo Clinic; Axel Wirth, Chief Security Strategist at Medcrypt; and Velentium’s own Chris Gates.

To learn more about Velentium and keep up with the latest company updates and industry insights, visit

About Velentium

Headquartered in Houston, Texas with operations globally, Velentium is a professional engineering firm that specializes in the design and manufacturing of therapeutic and diagnostic active medical devices for Fortune 100 companies and startups. The company offers world-class expertise in software, usability, cybersecurity, electrical and mechanical development for medical equipment. Velentium transforms IP into safe and secure products that will support healthcare professionals, patients and communities, and ultimately, change lives for a better world. For more information, visit

Success message!
Warning message!
Error message!