April 02, 2026

Cyber Security Expectations in the Medical Supply Chain

20 minutes

In this episode of InfoSec Insider – Talk Cyber, Stuart Moran and George Ryan, Consultants at URM, explore recent shifts in cyber security expectations and regulatory requirements faced by organisations in the medical supply chain, both in the UK and across the globe. Stuart and George leverage their extensive experience helping organisations in the medical sector enhance information and cyber security to discuss:

The NHS’ recent open letter to suppliers, which highlights tighter scrutiny and more direct engagement, and what this means for NHS suppliers

Which of the NHS’ new cyber security requirements for suppliers (MFA, continuous monitoring and immutable backups) will be most challenging to embed and why

The biggest gaps and understanding or readiness among suppliers implementing the Data Security and Protection Toolkit (DSPT), and the practical differences between Categories 2 and 3 of the DSPT

How shifts in standards such as ISO 13485 and the broader medical device regulatory landscape will influence suppliers’ design and manufacturing of their products, particularly around software and AI

How the FDA’s power to deny market access to medical devices with insufficient cyber security may impact UK suppliers operating internationally, and whether this hints at a broader, global trend towards stricter cyber controls.

Learn more about this topic:

https://www.urmconsulting.com/blog/iso-13485-and-beyond-key-updates-shaping-the-medical-device-regulatory-landscape 

https://www.urmconsulting.com/blog/nhs-cyber-security-open-letter-what-does-it-mean-for-suppliers

If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider          

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts        

Brought to you by URM, the UK’s leading information and cyber security specialists.

...more

View all episodes

By URM Consulting

April 02, 2026

Cyber Security Expectations in the Medical Supply Chain

20 minutes

The NHS’ recent open letter to suppliers, which highlights tighter scrutiny and more direct engagement, and what this means for NHS suppliers

Which of the NHS’ new cyber security requirements for suppliers (MFA, continuous monitoring and immutable backups) will be most challenging to embed and why

The biggest gaps and understanding or readiness among suppliers implementing the Data Security and Protection Toolkit (DSPT), and the practical differences between Categories 2 and 3 of the DSPT

Learn more about this topic:

https://www.urmconsulting.com/blog/iso-13485-and-beyond-key-updates-shaping-the-medical-device-regulatory-landscape 

https://www.urmconsulting.com/blog/nhs-cyber-security-open-letter-what-does-it-mean-for-suppliers

If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider          

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts        

Brought to you by URM, the UK’s leading information and cyber security specialists.

...more

Share Cyber Security Expectations in the Medical Supply Chain

Sign up to save your podcasts

Cyber Security Expectations in the Medical Supply Chain

Cyber Security Expectations in the Medical Supply Chain