Medical devices are increasingly connected wirelessly to each other and to data-management devices. Threats to the accurate flow of information and commands may compromise the safe function of these devices and put users' health at risk. These devices can be on-body wearable or implantable systems that monitor and transmit data from a person and send it to a hub (such as a handheld controller/monitor, another device, a smartphone, a pad, or the cloud) for analysis, presentation, aggregation with other data streams, and storage. Such devices might also receive data or commands to be relayed to the patient. These devices can also be large nonportable devices for diagnosis (eg, MRI, CT, PET, or ultrasound imaging equipment and ICU monitors) or for treatment (eg, infusion pumps, ventilators, and medical lasers located in health care facilities). Sound cybersecurity of medical devices can be achieved by maintaining (1) confidentiality by protecting these devices from unauthorized disclosure, (2) integrity by protecting these products from unauthorized modification, and (3) availability of data by protecting these products from loss of function. 1 A medical data breach, which is the release of secure or private/confidential information to an untrusted environment, can represent a security risk, a safety risk, or both. Five steps for a hospital or medical organization to improve medical device cybersecurity include (1) establishing a risk management plan, (2) building a protection framework, (3) following basic security hygiene, (4) including security in contracts, and (5) building a zero trust network. Hospitals that act to improve medical device cybersecurity will decrease the risk of privacy breaches, financial ransom, and harm to patients. Recent Developments in Standards Recent hacks of hospitals and health insurance companies around the world have put medical device cybersecurity in the public spotlight. NIST published a cybersecurity framework in 2014 2 and an update to this document in 2017. Public comment for the update ended in January 2018. 3 In addition,