Cybersecurity solution provider for medical devices MedCrypt, has launched its end-to-end medical device cybersecurity consulting services.
From business strategy to product architecture assessments, process reengineering to change management, threat modelling to regulatory strategy, MedCrypt now offers a suite of services to help customers improve product security, achieve regulatory compliance, and generate overall positive business ROI.
“Healthcare cybersecurity is in a transformational phase. Without fail, every medical device manufacturer is looking to overhaul a part of its product security program in some way,” said Mike Kijewski, CEO of MedCrypt.
“With support from MedCrypt, our clients can now tackle security transformation projects without compromising their ability to deliver innovative clinical features and patient care.”
The U.S. medical device market, the largest worldwide, is projected to grow to $208 billion (33%) by 2023. In today’s market, medical device manufacturers (MDM) are developing innovative medical devices designed to take full advantage of the advent of connected communications, but the features of connected technology also inherently bring security risks to the business.
Since the disclosure of the EternalBlue vulnerability led to the WannaCry malware events in 2017, there has been an increase in the reporting of high-profile, highly pervasive vulnerabilities. Names like Ripple20, Urgent/11, or Amnesia:33 have made the headlines and have sent device manufacturers and healthcare providers scrambling to determine which of their devices are at risk.
To proactively address security requirements, MDMs have to transform, then optimize their business and regulatory strategies, and secure development lifecycle (SDLC) processes.
MedCrypt will work alongside MDMs to mature their product security programs and to help them meet the U.S. Food and Drug Administration’s (FDA) Premarket and Postmarket Cybersecurity Guidances.
Specifically, MedCrypt offers consulting services using industry best practices and standards: Organizational Maturity Assessment (e.g., JSP+), Strategy, and Roadmaps; Threat Modelling (e.g., OWASP+); Security Risk Assessment (e.g., AAMI TIR57+) and Postmarket Management (e.g., AAMI TIR97); Secure Architecture Reviews (e.g., NIST 800-160v1+); Design and Implement Security Controls (e.g., Management, Operational, Technical; Security Process Improvement (e.g., standardize SBOM generation, vulnerability dispositioning); Regulatory Process Improvement (e.g., standardized cybersecurity templates); Retainer and coaching services to support ongoing projects, products, or submissions.
“The healthcare industry continues to be a landscape full of amazing potential for better patient care; however, the advancement of technology is dependent foundationally on security.
This requires changes to people, processes, and tech with a clear strategy for implementation,” said Michael McNeil, senior vice president, global CISO at McKesson.