The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group has released version 2 of the Model Contract for Medtech Cybersecurity (MC2 v.2), an updated framework intended to clarify and standardize cybersecurity responsibilities between healthcare delivery organizations and medical device manufacturers. Presented at the council’s semi-annual meeting, the new version incorporates extensive industry feedback, aligns contract language with evolving regulations, clarifies shared responsibilities, and restructures complex clauses for greater usability. MC2 v.2 addresses longstanding challenges such as uneven cybersecurity capabilities among manufacturers, inconsistent expectations among healthcare organizations, and the high costs and ambiguities that have historically complicated procurement negotiations. The updated model draws on established best practices including the Health Industry Cybersecurity Practices and the Joint Security Plan version 2 to support more consistent risk management and reinforce the principle that cyber safety is patient safety. The full publication is available through the Health Sector Coordinating Council’s website.