Home - Cybrmd.co - Medical Device Cybersecurity Consulting

MAKE BETTER DECISIONS WITH CYBRMD

Our medical device cyber experts will help you overcome the burgeoning risk management, regulatory, and market demands of the digital health arena.

Cyber Regulatory Support

At CYBRMD, we consult with device manufacturers and users to help mitigate cybersecurity, data privacy and interoperability risks and meet the abundant regulatory requirements.

Medical Device Security Risk Assessment

We help provide management with a precise picture of cyber risk, along with recommendations on how to improve overall risk, and compliance of regulatory obligations.

Compliance Advisory Services

We provide advisory and coordination support with key cybersecurity breach assessment, notification, and reporting requirements for each jurisdiction in which your organization operates. This specialized service helps you successfully navigate healthcare’s complex federal and state regulatory requirements.

Compliance Assessments

We work with your team to evaluate the existing compliance protocols while providing meaningful feedback on the various elements and identified shortfalls. The assessment also offers insight into industry best-in-class practices that can improve the device.

CHALLENGING QUESTIONS FOR COMPLICATED ISSUES

Has cybersecurity insurance policies caught up with risk?

Call us at 1.612.618.8797 to find out the answer to this question and more.

How can companies leverage cybersecurity polices to bolster hygiene?

Call us at 1.612.618.8797 to find out the answer to this question and more.

How can a company provide cybersecurity evidence that resonates with C-suite, Board members, IT, regulators and Legal stakeholders?

Call us at 1.612.618.8797 to find out the answer to this question and more.

How do you justify tradeoffs between security controls vs. residual risk and foreseeability?

Call us at 1.612.618.8797 to find out the answer to this question and more.

What frameworks shall a company comply to; NIST CSF, HITRUST, CIS REM, individual Hospital procurement requirements and/or JSP?

Call us at 1.612.618.8797 to find out the answer to this question and more.

What are the breaches in your industry? How can you prioritize?

Call us at 1.612.618.8797 to find out the answer to this question and more.

How do you justify budgets to address cybersecurity risks?

Call us at 1.612.618.8797 to find out the answer to this question and more.

Cybersecurity in Healthcare

Recent article in Wired Magazine stated that Medical Devices are the Next Security Nightmare

67

of medical device manufacturers believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months.

15

US hospitals currently have 10 to 15 devices connected per hospital bed

10

Researchers recently found security flaws in 10 ICD’s currently on the market

TALK TO AN EXPERT

Find out how we can help you better navigate the complex world of device security

SECURING HEALTHCARE ECOSYSTEMS

LATEST INDUSTRY NEWS

Explore the latest stories and learn more about industry innovations and relevant trends.

Blogs from healthcareitnews.com

Lose the COVID-19 public health emergency, but keep the progress
Healthcare organizations must urge the Senate to pass critical telehealth legislation, and enact at least a two-year extension of the important PHE-era policies while working toward a permanent solution.
Agile practices – they’re not just for software development
At Penn Medicine, agile methods have been adopted by a number of information technology teams, including teams that support its enterprise EHR, data analytics, IT operations and systems administration.

FAQS

To address medical device cyber security requirements; the FDA, Health Canada and EU have determined that vulnerability scan and penetration tests should be considered during the development lifecycle of all connected medical devices. Following are 5 frequently asked questions relating to the cyber security of medical devices:

WOULD A VULNERABILITY SCAN AND PENETRATION TEST THAT DOESN’T REVEAL ANY FINDINGS INDICATE THAT MY DEVICE IS SECURE?

No, just because you do not find anything does it indicate that the device is secure. You would be wise to understand that cyber security must be based on a well-structured, ongoing development process plus frequent tests.

IS THERE A SPECIFIC LAW OR REQUIREMENT THAT MANDATES A VULNERABILITY SCAN BE CONDUCTED?

No, there are no laws that require you to execute a test, however, most compliance documents and industry standard guidelines HIGHLY RECOMMEND that such a scan be considered.

SHOULD I REPEAT A PENETRATION TEST OR VULNERABILITY SCANAFTER EVERY SOFTWARE CHANGE OR UPDATE?

You must consider security related tests to show that ANY change did not have a negative effect on the cyber security of your device. In most cases tests should be executed after any and all changes.

SHOULD I ADMINISTER A VULNERABILITY SCAN AND PENETRATION TEST ON MY OWN?

In theory, yes, you can however, you need to have the appropriate expertise within your organizational structure In our opinion, you should have an external resourcetest your devices.

WHY SHOULD I USE A 3RD PARTY FOR A CYBER SECURITY ASSESSMENT?

The answer is simple — IMPARTIALITY. The strongest argument for having a 3rd party assessment is the impartiality of that provider.

SUBMIT YOUR QUESTION

Faced with a challenging task or problem?
Send us your questions, our experts are ready to help.