Security by design for medical devices
As connected devices move outside the walls of secure hospitals into public environments and private homes where security controls are absent, medical device manufacturers need to consider their cybersecurity approach from the earliest stages of the device lifecycle.
What is security by design?
Security by design is an approach to risk management in which state-of-the-art cybersecurity is built into medical devices at the design stage. The process drives risk management by identifying and mitigating cybersecurity risks early, which is particularly valuable for medical device startups and prototypes, and it encourages forward planning for the post-market phase.
Core benefits of security by design to the long-term security of a product:
- Early action for a future-proof device
- Saves the cost and time of late-stage changes
- Considers ongoing maintenance and governance
What does an excellent security by design service look like?
Our security by design service supports medical device startups as well as established manufacturers by identifying key risks and vulnerabilities.
As the market-access requirements for connected medical devices (MDR 2017/745) and in-vitro diagnostic medical devices (IVDR 2017/746) place increasing focus on cybersecurity, medical device manufacturers will have to show detailed evidence of their cybersecurity measures.
With 50+ years of combined security experience and knowledge of devices operating in hostile environments, our team of security experts offers:
- Security Risk Assessment (SRA)
- Software Architecture Review
- Penetration Testing
Medical device Security Risk Assessment (SRA)
We follow the guidelines laid out in ISO 14971 to ensure that cyber risks are known and weighed against the device's benefits, using a comprehensive exercise that identifies, prioritises and communicates cybersecurity risks and recommendations.
What does the process of a security risk assessment look like?
We identify and assess risks and define mitigation actions while mapping the risks of the design. We then provide you with a report of our baseline findings, which can include:
- Security architecture review
- Threat modeling
- Software bill of materials
- Vulnerability assessment
- Security risk matrix
- Security risk management table
- Cybersecurity lifecycle management plan
How are medical device cybersecurity risks assessed?
Our SRA is rooted in the AAMI TIR57 principles for medical device cybersecurity. The security risk assessment identifies the risks to data confidentiality (data breaches) and to system availability in the event of a cyber incident.
What is a software architecture review?
A software architecture review confirms whether a connected medical device is in line with security best practices. Where it is not, we identify what needs to be adapted to protect against exploitation of vulnerabilities present in your device software.
How do we conduct a software architecture review?
Our team performs a detailed analysis of the existing architecture and design documents to determine whether they meet the security design goals. The following are examples of findings that may be included in the analysis report:
- Inadequate protection of data at rest
- Outdated cryptographic systems
- Poorly applied patches
- Insecure network protocols
- Inadequate separation of privilege
- Missing backups or logging
- Single points of failure
- Potential for user data leakage
Our engineers look for security vulnerabilities that could be exploited. Without this added level of security applied to your software, your medical device, sensitive personal health information and intellectual property may be at risk.
Why is penetration testing important?
Penetration testing of hardware and software systems by an independent third party is considered an industry best practice. Undertaking a product-readiness assessment also helps in evaluating whether a product is ready for market: the assessment highlights what real-world attackers might find in your devices or software.
White-box cryptography and penetration testing
White-box penetration testing validates whether the medical device meets its security objectives and the evolving MDR requirements. Using a final product or prototype of yours, our team reverse engineers or otherwise breaks into your code in the same way a cybercriminal might, and produces a report for you afterward.
Penetration Testing
Traditional penetration testing can take months to conduct. Our approach takes only weeks and offers the following benefits, giving you:
- A complete overview of exploitable weaknesses
- Quick delivery of insights
- Straightforward mitigation strategies
- A reliable and market-ready device