Given the increasing connectivity and digitization in healthcare, users and manufacturers are facing even more challenging tasks. Due to the increasing attack surfaces and growing system complexity, cybersecurity constitutes a crucial factor in the manufacturing and usage of medical devices.

Our work is guided by the most crucial regulatory requirements, including the EU Regulation on Medical Devices (MDR), the U.S. FDA guidelines, and the ISO 27001 and 27799 standards. We are happy to advise you on various topics.

With an experienced, dedicated, and competent team, we guide your project to success through the following process steps:

Security process description

Integrated security from the initial idea to implementation

Threat modelling

In this step, the application's specific security requirements are determined by identifying potential threats. This makes it possible to integrate security measures from the outset and to start development on a solid foundation.

Secure Development

During the design process, security principles are incorporated into the application’s architecture. By considering principles such as “Least Privilege” and “Defense in Depth,” potential vulnerabilities are reduced, and the application is made more resilient against attacks.

Developers use secure coding practices such as input validation, exception handling, and avoiding unsafe memory access to minimize the likelihood of security gaps.

Vulnerability management

In this phase, the focus is on robust vulnerability management. The application is continuously monitored to identify possible vulnerabilities or security risks. Through the use of regular scans, monitoring of security alerts, and quick remediation of vulnerabilities, we ensure the long-term security and integrity of the application.

New insights from security research and the evolving threat landscape are incorporated into the update strategy to ensure that the application remains resilient against current and future threats.

Secure testing

Security tests are an indispensable component of the software development process to ensure the integrity and confidentiality of applications.

They encompass various approaches such as static analysis, dynamic analysis, and penetration testing. Static analysis identifies vulnerabilities in the source code, while dynamic analysis examines applications in their executed form for potential vulnerabilities. Penetration tests simulate real attacks to identify security gaps.

Automated tools aid in scaling and enhancing the efficiency of these tests, but human expertise is equally important to uncover complex vulnerabilities. The continuous integration of security tests throughout the software lifecycle minimizes risks and ensures that applications remain resilient against an ever-evolving threat landscape.

IEC 62304

IEC 62304 is a standard created by the International Electrotechnical Commission (IEC) to provide guidelines for software life cycle processes in the development of medical devices. Within this standard, there are also requirements for managing cybersecurity risks in medical software.
ISO 14971

ISO 14971, developed by the International Organization for Standardization (ISO), is a standard that provides guidelines for the risk management of medical devices. It includes requirements for managing cybersecurity risks in medical devices.
FDA Market Introduction Guideline

The U.S. Food and Drug Administration (FDA) provides guidelines for manufacturers of medical devices. The guidelines include recommendations for managing cybersecurity risks in medical devices. The guidance assists manufacturers in integrating cybersecurity controls throughout the entire product life cycle, including during the design, development, and maintenance phases.
Slides 1-3: IEC 62304, ISO 14971 and FDA Market Introduction Guideline

Our Projects

Our extensive project experience with large and medium-sized medical device manufacturers distinguishes us notably. In these projects, we were able to ensure that cybersecurity was treated not just as a subsequent addition, but as an integral component of product development.

Creating a Threat and Risk Analysis
We developed a comprehensive threat and risk analysis for an integration platform deployed within the operating room. Utilizing the STRIDE model, we systematically identified cybersecurity risks and subsequently derived pertinent…
Support during complete SDLC
We assisted in implementing a Software Development Life Cycle (SDLC) as an integral component of a new product platform for a prominent medical device manufacturer. This encompassed conducting threat and…
SBOM based vulnerability analysis
We created a Software Bill of Materials (SW SBOM) and gathered information regarding existing vulnerabilities. In partnership with the customer, we conducted a thorough analysis of the available data, leading…
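The SBOM-based vulnerability analysis mentioned above, shown as an added illustration (not code from this page or from the consultancy it describes): a CycloneDX-style SBOM is matched against an advisory list using half-open affected-version ranges. The SBOM, the component versions and the advisory IDs are all constructed placeholders, not real products or CVEs.

```python
"""
Added example (not code from the page): match a CycloneDX-style SBOM against
a constructed advisory list and report components in an affected version range.
"""
import json

# Constructed sample SBOM in CycloneDX JSON shape (not a real product's SBOM).
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "zlib",    "version": "1.2.11"},
    {"type": "library", "name": "openssl", "version": "3.0.7"},
    {"type": "library", "name": "mbedtls", "version": "2.28.4"}
  ]
}"""

# Constructed advisory feed; the IDs are placeholders, not real CVE numbers.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "name": "zlib",    "introduced": "1.2.0", "fixed": "1.2.12"},
    {"id": "ADV-EXAMPLE-2", "name": "openssl", "introduced": "3.0.0", "fixed": "3.0.8"},
    {"id": "ADV-EXAMPLE-3", "name": "mbedtls", "introduced": "2.0.0", "fixed": "2.28.0"},
]

def parse_version(v):
    """Turn '1.2.11' into (1, 2, 11) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))

def is_affected(version, introduced, fixed):
    """Affected if introduced <= version < fixed (half-open range, as used by OSV-style feeds)."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)

def find_vulnerable_components(sbom_json, advisories):
    """Return (component name, version, advisory id) for every SBOM component in an affected range."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        for adv in advisories:
            if adv["name"] == comp["name"] and is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append((comp["name"], comp["version"], adv["id"]))
    return findings

if __name__ == "__main__":
    # mbedtls 2.28.4 is at or above the fixed version, so only zlib and openssl are reported.
    for name, version, adv_id in find_vulnerable_components(SBOM_JSON, ADVISORIES):
        print(f"{name} {version}: affected by {adv_id}")
```

The numeric tuple comparison matters: a string comparison would rank "1.10.0" below "1.9.0" and silently miss or invent findings.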

Niko Assmann

Sales Consultant

Contact us:

Please feel free to reach out to my team and me if you have any questions. We would be happy to give you an initial overview of how you can achieve your individual goals with our efficient solutions.