Medical Devices


The healthcare industry is one of the most critical infrastructures in each country, due to its direct implication on humans. Medical devices providing direct interaction with the patients need to be equipped with state-of-the-art features in terms of performance. At the same time, the fast rise of cybersecurity threats and attack vectors is impacting medical devices more and more.

Adobe Stock 178073396

From a cybersecurity point of view, most of these devices are high risk targets. Controlling and minimizing these risks becomes therefore a highly important process which manufacturers need to take into account.

Taking security into consideration during the whole development and manufacturing process of the medical devices could represent a strong means for avoiding any future security breaches, thus consolidating the brand’s image and reputation.

Moreover, due to the high risks associated in practice with their devices, medical device manufacturers need to comply with certain regulations in order to place their products on specific markets. In U.S.A, the Food and Drug Association (FDA) is regulating the market access, while in the EU, medical devices need to fulfill the Medical Devices Regulation.

Assessing, demonstrating compliance or obtaining relevant security certifications for your medical devices are important actions in order to improve their security, obtain the clearance for specific markets, and ultimately showcase their value to the patients or healthcare institutions. Secura can support you with several testing and certification possibilities.


Testing

Secura can provide testing services in line with the relevant security publications addressing the domain of medical devices. The offered services are presented below.

IEC 62443

IEC

Secura has extensive experience in the interpretation and practical applicability of the internationally recognized IEC 62443 standard. Several parts of this standard can be of value to highlight the security of the product or development processes. IEC 62443-4-2 and IEC 62443-3-3 can be used to validate the security of medical products or integrated systems. IEC 62443-4-1 can be used to validate the security of the medical devices development processes.

Secura Medical Devices Security Framework

Secura

In order to provide a flexible approach to the manufacturers, Secura has developed its own testing framework, based on state of the art security guidelines such IEC 62443, UL 2900 or the ENISA Security Baseline Recommendations. Testing your product against the requirements of the framework allows manufacturers to select the depth of testing, thus perfectly addressing their needs.

FDA/EU Security Requirements

FDA

In order to enable the access of medical devices in USA, manufacturers need to apply and have their products approved by the FDA. The FDA assesses the security of devices based on its specified requirements. Secura put together a flexible compliance service, aimed at supporting manufacturers with the FDA requirements, at various level of involvement. Documentation review, several options of testing, as well as analysis of the whole risk assessment file are options in this compliance service, which enables manufacturers to have a smoother FDA approval process.

At the same time, the EU Medical Devices Regulation asks manufacturers to demonstrate “state of the art” security in their products. The “Standard” security evaluation service, part of this compliance package, would allow manufacturers to efficiently demonstrate the implementation of state of the art security in their products.

Certification

Certification allows to put official recognition on the results of an assessment for your product. Secura can support you with certification services for your IoT product based on the following schemes.

UL CAP

UL

Secura can support with the evaluation and certification of your medical device or system based on the UL CAP certification methodology. The UL CAP certificate is internationally recognized, being a well known means for demonstrating compliance with the FDA security requirements for US market access

Common Criteria

Common Criteria

Common Criteria is an internationally recognized security assessment and certification methodology. Common Criteria certificates are mutually recognized across continents, including most of EU, USA, Asia, Australia, UK, etc.

Secura can support with Common Criteria evaluations, under the Dutch Common Criteria scheme NSCIB.

Fact sheets

Medical Devices Security Testing and Certification

Overview of our security testing & certification services for medical devices.

Download fact sheet file_download
IEC 62443

Overview of IEC 62443 and our services.

Download fact sheet file_download
Common Criteria

Overview of Common Criteria and our services.

Download fact sheet file_download
Secura Contact Shape
Partners of Secura

Cybersecurity is more than technology alone. Secura collaborates with partners in compliance and risk management, integrated application security, privacy, IT- and internet law and certification.