US-based medical device cybersecurity company MedCrypt has partnered with Stratigos Security to provide security assessments and penetration testing, offering a suite of third-party assessment and advisory services.
MedCrypt provides security products and services to some of the biggest medical device manufacturers.
Its latest partnership with Stratigos Security will deliver specialised penetration testing, which simulates an attack so that issues and weak points in a device can be identified. The results will allow manufacturers to amend their risk management; they can also be submitted for regulation, streamlining the product’s journey to market.
In March 2023, the US Food and Drug Administration (FDA) announced its plans for pre-market and post-market guidance, which will come into effect on 1 October 2023. Following this date, the FDA will refuse to accept medical devices that fail to meet cybersecurity obligations.
A study by the Ponemon Institute revealed that around 49% of device makers do not follow FDA guidance to mitigate or reduce inherent security risks. There is currently a rise in product development to meet those requirements.
Stratigos Security CEO Beau Woods said: “Our team of experienced cybersecurity experts, combined with MedCrypt’s deep understanding of medical device security, enables us to deliver comprehensive and effective penetration testing and security assessments that are tailored to the unique requirements of medical devices. We are committed to helping healthcare organisations mitigate cyber risks and safeguard patient safety.”
Traditional testing is less effective for medical devices, but with personalised penetration tests, post-market issues and threats can be reduced. Well-established companies incorporate these tests into their products’ development framework from the beginning and continue them through the device’s lifetime.
In April 2023, MedCrypt announced it will be financing the Tufts University School of Engineering fellowship programme, supporting research into medical device security and threat modelling.
More than half (53%) of connected medical and other Internet of Things (IoT) devices in hospitals have a known critical vulnerability.