Japan Association for Medical Informatics

[2-H-2-OP8-2] Cyber Security in Medical through Offensive Viewpoint

HIROYUKI TAKAO1, Jun Yamadera2,1, Masato Kaneko2, Kohei Takeshita1 (1.Jikei University School of Medicine, 2.Eyes, JAPAN Co. Ltd.)

Recently, the number of cyber attacks against medical institutions has been increasing. Attacks are becoming very sophisticated: malware that anti-virus software cannot defend against, ransomware, and targeted attacks against specific targets. In the modern networked environment, medical devices are defined as part of the IoT. It is very hard to avoid using general-purpose software; therefore, malicious hackers can easily break into medical institutions with common techniques. In the U.S.A., the Government Accountability Office (GAO) published a report in 2012 warning the FDA about cybersecurity in medical devices, and a case study shows critical vulnerabilities in insulin pumps and pacemakers, endangering the lives of their users. With the rise of artificial intelligence, the safety of "big data" is a big issue. It is well known that personal health information is 10 times more valuable than a credit card on the underground market. There are huge risks due to regulations such as GDPR in the EU and HIPAA in the U.S.A. DH organizes a bug bounty program and the College of Medicine Phoenix organizes a hacking summit. In Japan, a medical security hackathon reports many vulnerabilities in medical software and devices. It is widely known that almost all vulnerabilities come from the design and coding phases, and that fixing vulnerabilities is about 100 times more expensive after software is released. Fixing vulnerabilities is very painful work (and sometimes almost impossible). Therefore, I would like to provide the bullet points of security by design that need to be considered in the medical field.