Cyber threats to medical devices have increased as these products are more frequently connected to hospital networks, the internet and other medical systems. There's a need for effective cybersecurity management to assure the functionality and safety of medical devices, and to protect connected networks. When a cyber incident is identified, manufacturers must have a transparent and well-developed disclosure program. Sensitive data is exposed when manufacturers conduct contracted maintenance and support of production devices or managed solutions. When a manufacturer is considered a business associate, they must adhere to HIPAA Security Rule requirements and healthcare delivery organizations’ vendor risk management programs.

Our Approach

Leveraging our healthcare and IoT expertise, we provide end-to-end medical device cybersecurity assurance services to help manufacturers go to market quickly and securely. Services include:

• Cyber Risk Program Maturity Assessment
• Cybersecurity Program, Policy & Procedure Development
• Vulnerability Assessment and Penetration Testing
• HIPAA Security Risk Analysis
• Medical Device Cybersecurity Readiness Assessment
• Medical Device Cybersecurity and Risk Management Advisory

Deliverables

• Readiness assessment report with prioritized findings and recommendations
• Workshop on medical device security, risk management and HIPAA compliance (optional)
• Remediation roadmap

Medical Device Cybersecurity Readiness Assessment: Scope and Methodology

• Customized security framework for manufacturers leveraging NIST 800-53, TIR-57, FDA pre- and post-market guidance
• Product security policy and procendure review
• Product risk assessment processes, MDS2 management
• Secure development practices (securing code, code review, etc.)
• Security technology usage in products (secure architecture, encryption, PKI, blockchain, hardening, etc.)
• Threats and vulnerability management and disclosure
• Post-market cybersecurity management practices
• Incident response process