The health care critical infrastructure sector comprises much of the potential attack surface of the national security landscape. Medical devices that enable connectivity incorporate software that is vulnerable to threats. These devices, which include pacemakers, infusion pumps, and MRI machines, were found to have vulnerabilities ranging from buffer overflow bugs to the presence of hard-coded credentials that lent to unauthorized access of information. A breach could compromise data confidentiality, integrity, and availability, as well as patient safety. This talk will explore some of the past and current vulnerabilities facing the medical device industry, and the steps that the FDA is taking to mitigate these risks.