Cybersecurity services for medical devices

Analysis of threats and vulnerabilities in medical device software and communication systems helps device makers comply with FDA Cybersecurity Guidance.

July 28, 2014
Manufacturing Group

Boxborough, Massachusetts – TÜV Rheinland introduces new security consulting and remediation services for medical device manufacturers to help enhance the security of their devices and fulfill the Federal Drug Administration’s (FDA) recent guideline on cybersecurity of medical devices. The portfolio of services, including assessment, testing and remediation services, will also help manufacturers meet healthcare provider purchase requirements, reduce risks, protect company brand and reputation, and get products to market faster.

The cybersecurity service portfolio helps manufacturers analyze current threats and vulnerabilities within medical device software and communication systems. Specifically, it includes the following: 

  1. Vulnerability assessment: analysis of how susceptible the device is to cybersecurity attacks from internal or external sources, and the outcome of the attacks.
  2. Penetration testing consisting of manual attempts to identify, exploit and penetrate the network, system or application security vulnerabilities to obtain access to the medical device and associated data.
  3. Software source code analysis involving an application security assessment that uses a combination of tools and manual review to assess the security posture of the application. 
  4. Advice and remediation: Upon completion of the above services, TÜV Rheinland consultants can provide advice on how to remediate any security findings. Companies can complete the remediation on their own or engage TÜV Rheinland to assist them.
  5. Information security assessment: analysis against the industry standards (e.g., ISO 27002) and applicable regulations (e.g., HIPAA Security and Privacy Rules).

“With the rise of wireless, Internet and networking technologies employed in medical devices, the need for effective cybersecurity to assure device functionality and patient information security has become essential,” said David Surber, vice president, medical products, TÜV Rheinland. “The FDA has identified a number of cybersecurity vulnerabilities impacting medical devices and expects companies to demonstrate that their products are secure. The best way for manufacturers to do that is to integrate cybersecurity solutions during the early stages of product development and document the assessment and remediation actions. This is exactly what we can help them accomplish.”

The new service is a result of collaboration between TÜV Rheinland, a 142-year-old global testing and certification organization, and OpenSky Corp., a leading provider of information technology (IT) consulting services. TÜV Rheinland acquired OpenSky in January 2014 to make such innovative solutions possible for the benefit of the customer. TÜV Rheinland has extensive expertise in medical device testing and regulations, and OpenSky brings to the table its IT security know-how.

The cybersecurity services allow TÜV Rheinland to offer a complete solution to medical device manufacturers. The comprehensive program features product safety testing and certification; EMC, wireless and radio testing; and international approvals for the global market, providing access to more than 200 countries. Moreover, TÜV Rheinland provides complete consulting and project management solutions. 

Source: TÜV Rheinland