Document and Mitigate Threats to Medical Devices
On top of the usual threats inherent to IT networks, applications, and cloud services, the complexity of medical devices creates a massive, distributed attack surface. The need for effective cybersecurity measures has become increasingly important and is now required by the U.S. FDA.
This FDA guidance helps Medical device manufacturers (MDMs) ensure their devices are sufficiently resilient to cybersecurity attacks. Specifically, MDMs need to deliver a system-level threat model that includes a consideration of risks from its supply chain, design, production, and deployment. We’ve been doing this for a while, we can help.
Leverage our Expertise to Build Customer Confidence
For over two decades, we’ve been conducting software and system threat models on medical devices, robotics, motorcycles, and a plethora of smart home devices. We understand the IoT ecosystem well and focus our threat modeling efforts on its high-risk areas that attackers love to target: bypassing authentication controls, programming devices remotely, and tampering with data.
The finished threat model gives you clear insight into:
- Assets that are most at risk and most likely threats to them
- How your device could be attacked and steps to realize each threat
- Conditions under which attacks would be successful
- Mitigations to address the identified threats
Take our Threat Modeling Course
To stay ahead of the threatscape, our IoT Center of Excellence conducts ongoing research on chipsets, crypto, communication protocols, Real-Time OSs (RTOS), and deployment platforms for connected devices. We’ve worked closely with Fortune 500 and SMBs alike to help them address their most critical threats and deliver more resilient products.
Some of our HealthTech customers:
IoT Center of Excellence(CoE) Lead
Principal Security Engineer
Geoff is a Software & IT Security expert who specializes in finding exploitable vulnerabilities and reverse engineering binaries to locate vulnerable code.
Effective threat modeling requires intimate knowledge of the software and implementation. Security Innovation has focused exclusively on software security since our inception and we infuse this expertise into our Threat Modeling approach:
Understand architecture and security
To establish critical context, our engineers must understand how patients, clinicians, technicians, and customer support each use the system. This is achieved through documentation, walkthroughs, and interviews.
- Features and use cases of the component
- Users of the component and data being consumed by it
- What data must be protected or is considered sensitive
- If there is an admin interface, how it is used and protected
- Any existing security controls, reviews, or considerations
- Protocols, libraries, frameworks, or other external components used
- Biggest security concerns as viewed by the teams