Vendor Services

MEDSEC

Dedicated to securing medical machines and devices

MedSec is a unique worldwide company with a team of highly technical vulnerability researchers dedicated to securing medical devices and equipment.

Device and system security assessments

MedSec’s research teams assess the stability and security of a wide range of medical equipment from small implantable devices to critical care equipment. The process includes evaluation of embedded software and wireless communications systems, with custom reverse engineering and evaluation of reverse engineering susceptibility, protocol analysis, and 0-Day (Zero Day) exploit development in order to understand the impact of security vulnerabilities.

Example assessable systems:
  • Implantable medical devices.
  • Picture Archiving and Communication System (PACS) and associated equipment.
  • Medical-specific RF machines and devices (often life-critical).
  • Other wired medical machinery.
  • Physical security monitoring systems.

Software security assessments

Assessment services extend to software-only solutions, including licensed third-party/open-source code or software developed in-house. MedSec’s researchers can review existing source code, or reverse engineer as applicable. Example assessable systems include electronic medical records software (including inter-hospital proprietary solutions), inventory management systems, financial, and project management systems.

Vulnerability remediation, system design and re-architecture

The introduction of security mechanisms into an existing proprietary system can prove extremely costly if done incorrectly. In an effort to introduce medical device vulnerability remediation, a manufacturer might elect to expend restricted financial and personnel resources, with only a limited result.

MedSec leverages its experience working with multiple vendors to provide remediation services including system re-design and re-architecture to provide manufacturers with a more affordable alternative to internal-only development efforts.

Remediation services include:

Vulnerability patching

Custom-developed software patches to secure embedded operating systems and software running on unsupported systems.

Integrity protection

Protection of software, hardware and firmware through the design and integration of industry-standard and custom anti-reverse engineering, tamper-proofing, and trusted computing solutions.

Device authentication solutions

Best-practice and custom design and integration of multi-factor device and user authentication capabilities.

Data integrity and privacy protection

Selection and implementation of best-practice cryptographic solutions, including secure RF protocol optimization.

SDLC

Evaluation, recommendations and implementation of SDLC methodologies.

Device security management

Cyber skills shortages have left manufacturers challenged to provide the level of security needed. MedSec offers manufacturers an outsourced security management program to address this problem.

MedSec’s partnership with device manufacturers provides re-designed, robust and mature security programs that assure continued safety to patients throughout the entire device and system design, build and support lifetime. MedSec’s programs include continuous device authentication and system integrity monitoring, and management.