Cybersecurity, which includes the security of information technology (IT), is critical to ensuring that society trusts, and therefore can benefit from, modern technology. Problematically, though, rarely a day goes by without a news story related to how critical data has been exposed, exfiltrated, or otherwise inappropriately used or accessed as a result of supply chain vulnerabilities. From the Russian government’s campaign to influence the 2016 U.S. presidential election to the September 2017 Equifax breach of more than 140 million Americans’ credit reports, cyber risk has become a topic of conversation in boardrooms and the White House, on Wall Street and Main Street. But these discussions often miss the problems pervading the expansive supply chains on which many of the products and services we depend on are built; this is particularly true in the medical device context. The problem recently made national news with the voluntary recall of more than 400,000 pacemakers that were found to be vulnerable to hackers, necessitating a firmware update. This Article explores the myriad vulnerabilities in the supply chain for medical devices, investigates existing FDA cybersecurity and privacy regulations to identify any potential governance gaps, and suggests a path forward to boost cybersecurity due diligence for manufacturers by making use of new approaches and technologies, including blockchain.