MDIC's new penetration testing guidance argues manufacturers often miscalibrate how they test connected devices and lays out a five-step framework to fix it, as regulatory submissions increasingly demand pen-test evidence. As medical devices like pacemakers, infusion pumps and diagnostic tools grow more connected, proving they can withstand a determined cyberattack has become a patient-safety problem — and, for regulators expecting pre-market cybersecurity evidence, a compliance one.