MedSec’s research teams assess the stability and security of a wide range of medical equipment from small implantable devices to critical care equipment. The process includes evaluation of embedded software and wireless communications systems, with custom reverse engineering and evaluation of reverse engineering susceptibility, protocol analysis, and 0-Day (Zero Day) exploit development in order to understand the impact of security vulnerabilities.
Assessment services extend to software-only solutions, including licensed third party/open source code or software developed in-house. MedSec’s researchers can review existing source code, or reverse engineer as applicable. Exampled assessable systems include electronic medical records software (including inter-hospital proprietary solutions), inventory management systems, financial, and project management systems.
The Introduction of security mechanisms into an existing proprietary system can prove extremely costly if done incorrectly. In an effort to introduce medical device vulnerability remediation, a manufacturer might elect to expend restricted financial and personal resources, with a limited consequent result.
MedSec leverages its experience working with multiple vendors to provide remediation services including system re-design and re-architecture to provide manufacturers with a more affordable alternative to internal-only development efforts.
Remediation services include:
Custom-developed software patches to secure embedded operating systems and software running on unsupported systems.
Protection of software, hardware and firmware, via the design and integration of industry-standard and custom anti-reverse engineering, tamper-proofing, with trusted computing solutions.
Best practice and custom design and integration of multi-factor device and user authentication capabilities.
Selection and implementation of best-practice cryptographic solutions, including secure RF protocol optimization.
Evaluation, recommendations and implementation of SDLC methodologies.
Cyber skills shortages have left manufacturers challenged to provide the level of security needed. MedSec offers manufacturers an outsourced security management program to address this problem.
MedSec’s partnership with device manufacturers provides re-designed robust and mature security programs allowing assured continued safety to patients throughout the entire device and system design, build and support lifetime. MedSec’s programs include continuous device authentication and system integrity monitoring, and management.