Post-Market Medical Device Cybersecurity
Navigating post-market cybersecurity for your medical devices
Streamline your cybersecurity management, no matter the stage in your medical device’s lifecycle
Securing legacy devices is one of the hardest challenges in the medical device industry.
Our source-code-level protections can enable modern security features and reduce risks from legacy vulnerabilities.
Software Bill of Materials (SBOM)
Driven by the FDA and IMDRF, SBOM management and compliance are now MedTech industry requirements.
Irdeto’s platform streamlines the lifecycle management of your SBOM, providing you with vulnerability monitoring, device assessments and secure transfer of sensitive information.
Irdeto’s Trusted Telemetry leverages software protection to build a multi-layered security shield for your connected medical devices, including:
- Anti-reverse engineering
- Integrity verification
- Protected communications
Frequently asked questions
Why is post-market cybersecurity necessary?
Medical devices need to be secured from the beginning of their life cycle and as far as possible into the future. Managing security in the post-market phase allows for continuous assessment of the device and the ability to address any potential vulnerabilities as they arise.
What does comprehensive post-market cybersecurity comprise?
Post-market cybersecurity comprises identifying the software components in your medical device, mapping vulnerabilities, controlling newly identified risks, updating your threat model and conducting penetration testing.
Can I secure my legacy device?
Yes, you can, with solutions like our Software Protection for IoMT enabled devices, which conceal your software’s proprietary algorithms, secrets and cryptographic keys. This secures critical assets for when the device is used in hostile environments.
What is SBOM and why do I need it?
A Software Bill of Materials (SBOM) is now a mandatory requirement for new medical devices across industry verticals as of Executive Order (EO) 14028. An SBOM should adhere to the minimum requirements outlined by the National Telecommunications and Information Administration (NTIA).
How do I meet the SBOM requirements for my software?
You need to adhere to the minimum requirements for data fields, automation support, and practices and processes that are set out by the National Telecommunications and Information Administration (NTIA). An SBOM is a complex software record that requires expertise to be built correctly.
What is VEX?
Vulnerability Exploitability eXchange (VEX) is a structured advisory format for communicating known vulnerability information within an SBOM. It helps software users categorize and prioritize their vulnerabilities.