Course Outline

The CBCCP℠ program focuses on demonstrating knowledge of core regulations and standards in the area of biomed and Internet of Things (IoT) cybersecurity.

Learning Objectives

  • Examine healthcare cybersecurity compliance mandates that impact biomed and IoT devices and systems.
  • Step through key cybersecurity standards for protecting sensitive patient, medical and other sensitive information processed by biomed and IoT devices.
  • Walk through a sample biomed and IoT cybersecurity policy.
  • Review best practices for establishing a credible, evidence-based biomed and IoT cybersecurity program.
  • Learn how to quantify, rank, interpret and remediate vulnerabilities and assets for HIPAA compliance.

Target Audience

The complete two-day Biomed & IoT Cybersecurity Training program targets:


  • Types of Medical Devices
  • Categorization of Medical Devices
  • Lifecycle of Medical Devices
  • Medical Device Information Systems
  • Medical Device Information Flow
  • Asset Management of Medical Devices
  • Stakeholders in Medical Devices Security
  • Shared Responsibility: Medical Device Safety, Performance and Security
  • State of biomed and IoT Cyber Risk
    • Vulnerabilities
    • IoT & DDoS
  • Global Harmonization Task Force (GHTF)
  • Healthcare Cybersecurity Compliance Mandates
    • HIPAA & PHI
    • SB 327 & PII
  • Cybersecurity Program
    • NIST Cybersecurity Framework
    • NIST IR 8228
  • Understanding UL 2900
  • Network Connecting Products, UL 2900-1
  • Medical and Healthcare Systems, UL 2900-2-1
  • Industrial Control Systems, UL 2900-2-2
  • Security and Life Safety Signaling Systems, UL 2900-2-3
  • IoT Cybersecurity
  • Getting Started: Key Steps
    • Risk Assessment
    • Vulnerability Assessment
    • Asset Management
    • Remediation
    • Policy
    • Procedure
    • Evidence

Certification Training Programs

  • Step through all major sections of HIPAA Final Rule.
  • Examine the HIPAA Privacy and Security Rules; HIPAA Transactions Code Sets and Identifiers.
  • Evaluate U.S. state cybersecurity mandates, including California, New York, Texas and others.
  • Examine ISO 27001 and NIST standards.
  • Recognize key concepts to comply with the European Union (EU) General Data Protection Regulation (GDPR).
  • Examine and build a practical cybersecurity program.
  • Step through core components of an incident response plan.
  • Review key policies in the areas of risk assessment, mobile devices, cloud computing, encryption, and more.

In the News

Medical IoT Cybersecurity Solution: ecfirst Partners with Culinda!


The Center for Health Affairs & ecfirst Partner to Help Hospitals Navigate COVID-19 Cyber Risk, May 26, 2020.

Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), HITRUST Certified CSF Practitioner (CCSFP), is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.