Home - Cybrmd.co - Medical Device Cybersecurity Consulting

MAKE BETTER DECISIONS WITH CYBRMD

Our medical device cyber experts will help you overcome the burgeoning risk management, regulatory, and market demands of the digital health arena.

Cyber Regulatory Support

At CYBRMD, we consult with device manufacturers and users to help mitigate cybersecurity, data privacy and interoperability risks and meet the abundant regulatory requirements.

Medical Device Security Risk Assessment

We help provide management with a precise picture of cyber risk, along with recommendations on how to improve overall risk, and compliance of regulatory obligations.

Compliance Advisory Services

We provide advisory and coordination support with key cybersecurity breach assessment, notification, and reporting requirements for each jurisdiction in which your organization operates. This specialized service helps you successfully navigate healthcare’s complex federal and state regulatory requirements.

Compliance Assessments

We work with your team to evaluate the existing compliance protocols while providing meaningful feedback on the various elements and identified shortfalls. The assessment also offers insight into industry best-in-class practices that can improve the device.

CHALLENGING QUESTIONS FOR COMPLICATED ISSUES

Has cybersecurity insurance policies caught up with risk?

Call us at 1.612.618.8797 to find out the answer to this question and more.

How can companies leverage cybersecurity polices to bolster hygiene?

Call us at 1.612.618.8797 to find out the answer to this question and more.

How can a company provide cybersecurity evidence that resonates with C-suite, Board members, IT, regulators and Legal stakeholders?

Call us at 1.612.618.8797 to find out the answer to this question and more.

How do you justify tradeoffs between security controls vs. residual risk and foreseeability?

Call us at 1.612.618.8797 to find out the answer to this question and more.

What frameworks shall a company comply to; NIST CSF, HITRUST, CIS REM, individual Hospital procurement requirements and/or JSP?

Call us at 1.612.618.8797 to find out the answer to this question and more.

What are the breaches in your industry? How can you prioritize?

Call us at 1.612.618.8797 to find out the answer to this question and more.

How do you justify budgets to address cybersecurity risks?

Call us at 1.612.618.8797 to find out the answer to this question and more.

Cybersecurity in Healthcare

Recent article in Wired Magazine stated that Medical Devices are the Next Security Nightmare

67

of medical device manufacturers believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months.

15

US hospitals currently have 10 to 15 devices connected per hospital bed

10

Researchers recently found security flaws in 10 ICD’s currently on the market

TALK TO AN EXPERT

Find out how we can help you better navigate the complex world of device security

SECURING HEALTHCARE ECOSYSTEMS

LATEST INDUSTRY NEWS

Explore the latest stories and learn more about industry innovations and relevant trends.

Blogs from healthcareitnews.com

Recruiting and retaining top talent in the post-pandemic world
What does the future workplace look like for IT, finance and operational staff – and how best to keep them engaged in a work environment that has fundamentally changed?
Too many tasks, too little time: Robotic process automation can help
While the 'robot' aspect of RPA gets most of the attention, successful implementation centers on the people and processes that will be impacted by the technology – and in a healthcare system where burnout is rampant, there are plenty of those.

FAQS

To address medical device cyber security requirements; the FDA, Health Canada and EU have determined that vulnerability scan and penetration tests should be considered during the development lifecycle of all connected medical devices. Following are 5 frequently asked questions relating to the cyber security of medical devices:

WOULD A VULNERABILITY SCAN AND PENETRATION TEST THAT DOESN’T REVEAL ANY FINDINGS INDICATE THAT MY DEVICE IS SECURE?

No, just because you do not find anything does it indicate that the device is secure. You would be wise to understand that cyber security must be based on a well-structured, ongoing development process plus frequent tests.

IS THERE A SPECIFIC LAW OR REQUIREMENT THAT MANDATES A VULNERABILITY SCAN BE CONDUCTED?

No, there are no laws that require you to execute a test, however, most compliance documents and industry standard guidelines HIGHLY RECOMMEND that such a scan be considered.

SHOULD I REPEAT A PENETRATION TEST OR VULNERABILITY SCANAFTER EVERY SOFTWARE CHANGE OR UPDATE?

You must consider security related tests to show that ANY change did not have a negative effect on the cyber security of your device. In most cases tests should be executed after any and all changes.

SHOULD I ADMINISTER A VULNERABILITY SCAN AND PENETRATION TEST ON MY OWN?

In theory, yes, you can however, you need to have the appropriate expertise within your organizational structure In our opinion, you should have an external resourcetest your devices.

WHY SHOULD I USE A 3RD PARTY FOR A CYBER SECURITY ASSESSMENT?

The answer is simple — IMPARTIALITY. The strongest argument for having a 3rd party assessment is the impartiality of that provider.

SUBMIT YOUR QUESTION

Faced with a challenging task or problem?
Send us your questions, our experts are ready to help.