HKSQ Seminar on Medical Device Cybersecurity

HKSQ and ECTest coorganized a seminar named “Medical Device Cybersecurity: Lessons from Real Incidents and Introduction to IEC 81001-5-1 Security Requirement” which had been supported by COMP Dept., PolyU on 10^th Apr 2026. This seminar aimed to share lessons from real incidents and provided an introduction to IEC 81001-5-1, highlighting why cybersecurity becoming an essential part of modern medical device quality, safety and trust. Before the seminar, Dr. Jane Wong (Chairman, HKSQ), Ms. Angela Wong (Vice-chairman, HKSQ), Mr. Keith Kwok (Exco member, HKSQ) and I took a group photo with the speaker Dr. Norton H.Y. Yuen. Since Dr. Jane Wong had another event tonight, she left after photo taken.

In the beginning, Dr. Norton HY Yuen (Managing Director, The One Testing Technology Co., Ltd. and CEO, ECTest Co., Ltd (HK)) introduced that the Hospital Authority (HA) has experienced several information security incidents recently and have resulted in the leakage of patients' personal information.

He discussed if hacker who broke into our hospital and then encrypt and sell all patients’ personal information. This is a disaster.

He then discussed the information security vulnerabilities of pacemaker devices. This involves not only the hardware itself, but also its connection to the cloud, that is, the entire ecosystem.

Dr. Yuen showed the demo device that had several ports. He said if the port is no use, it should be blocked to reduce the risk.

And then Medical Device Safety Triangle were introduced and they are Patient, Device and Network.

After that he told us why the traditional medical device quality methodology was not enough. Because it hasn’t considered the cybersecurity, malicious actors and adversarial scenarios. 

Finally, IEC 81001-5-1:2021 Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle was introduced.

My colleague Dr. Jeff Tang supported the seminar.

Dr. Norton Yuen stated four core elements of the standard and they are Threat Modelling, Secure Design, Security Requirements and Vulnerability Management. 

Lastly, he concluded that designing trust rather than technology.

My colleague Prof. WANG Qixin who interested this topic and exchange idea during Q&A session.

After the seminar, I represented COMP to present souvenir to Dr. Yuen and took a group photo with COMP colleagues.

Then HKSQ members joined together for group photos.

I also selfie for memory.

And then we had dinner with speaker, HKSQ members and COMP colleague together.

(Left: Mr. Keith Kwok, Mr. Stanley Sze, Dr. Norton Yuen, Ms. Angela Wong, I and Dr. Jeff Tang.)

Reference:

HKSQ - http://www.hksq.org/

20251106: Cyber Security Summit Hong Kong 2025 - https://qualityalchemist.blogspot.com/2025/11/cyber-security-summit-hong-kong-2025.html

20250801: HKSQ AGM 2025 & Seminar on Cyber Crisis Management – Insights from Digital Firefighters - https://qualityalchemist.blogspot.com/2025/08/hksq-agm-2025-seminar-on-cyber-crisis.html