Course Outline

The CBCCP℠ program focuses on demonstrating knowledge of core regulations and standards in the area of biomed and Internet of Things (IoT) cybersecurity.

Learning Objectives

  • Examine healthcare cybersecurity compliance mandates that impact biomed and IoT devices and systems.
  • Step through key cybersecurity standards for protecting patient, medical and other sensitive information processed by biomed and IoT devices.
  • Walk through a sample biomed and IoT cybersecurity policy.
  • Review best practices for establishing a credible, evidence-based biomed and IoT cybersecurity program.
  • Learn how to quantify, rank, interpret and remediate vulnerabilities and assets for HIPAA compliance.

Target Audience

The complete two-day Biomed & IoT Cybersecurity Training program targets:


  • Types of Medical Devices
  • Categorization of Medical Devices
  • Lifecycle of Medical Devices
  • Medical Device Information Systems
  • Medical Device Information Flow
  • Asset Management of Medical Devices
  • Stakeholders in Medical Devices Security
  • Shared Responsibility: Medical Device Safety, Performance and Security
  • State of biomed and IoT Cyber Risk
    • Vulnerabilities
    • IoT & DDoS
  • Global Harmonization Task Force (GHTF)
  • Healthcare Cybersecurity Compliance Mandates
    • HIPAA & PHI
    • SB 327 & PII
  • Cybersecurity Program
    • NIST Cybersecurity Framework
    • NIST IR 8228
  • Understanding UL 2900
  • Network Connecting Products, UL 2900-1
  • Medical and Healthcare Systems, UL 2900-2-1
  • Industrial Control Systems, UL 2900-2-2
  • Security and Life Safety Signaling Systems, UL 2900-2-3
  • IoT Cybersecurity
  • Getting Started: Key Steps
    • Risk Assessment
    • Vulnerability Assessment
    • Asset Management
    • Remediation
    • Policy
    • Procedure
    • Evidence

Certification Training Programs

  • Step through all major sections of the HIPAA Final Rule.
  • Examine the HIPAA Privacy and Security Rules; HIPAA Transactions Code Sets and Identifiers.
  • Evaluate U.S. state cybersecurity mandates, including California, New York, Texas and others.
  • Examine ISO 27001 and NIST standards.
  • Recognize key concepts to comply with the European Union (EU) General Data Protection Regulation (GDPR).
  • Examine and build a practical cybersecurity program.
  • Step through core components of an incident response plan.
  • Review key policies in the areas of risk assessment, mobile devices, cloud computing, encryption, and more.

In the News

Medical IoT Cybersecurity Solution: ecfirst Partners with Culinda!


GRC Conference (IIA + ISACA) Features Pabrai Brief, Asymmetric Attacks Mandate Credible Cybersecurity Program

Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), HITRUST Certified CSF Practitioner (CCSFP), is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.