arrows arrow-right arrow-left menu search rss youtube linkedin twitter facebook instagram arrow-play linkedIn
Growing Threats
We're helping protect facilities and patients from potential harm and minimizing risks.

DeviceSecure® Services & Solutions

Identify and resolve potential cyber security threats with Battelle DeviceSecure® Services & Solutions, a suite of cyber security services for medical devices. We combine expertise in cybersecurity, medical device design, hardware and software development, and user experience for a complete solution to medical device cyber security issues.

Advisory

Many medical devices today are connected to provider networks. And while that offers benefits to patients and healthcare providers, it also enables the possibility of cybersecurity attacks.

Organizational Cybersecurity Governance
Battelle can help implement an overarching medical device cybersecurity program in accordance with current security guidance from various regulatory agencies. We'll address all aspects of a product-focused cybersecurity program - from program governance to product development and post-market monitoring.

Risk Management Framework (RMF) Compliance
By navigating the federal IT security requirements to identify what is required for a medical device, Battelle can help develop a product design and documentation suite consistent with RMF requirements.

We provide engineering support through:

  • Identification of potential government customers’ needs
  • Identification and documentation of government customer use cases to aid in design decisions
  • Design decision support during product development
  • Identification and assistance with supporting product certifications or testing
  • Documentation support for government-required documentation to include RMF artifacts and technical documentation
  • Process support for RMF approval

FIPS 140-2 Compliance
We help clients navigate the FIPS 140-2 requirements to identify what is required for a product by government customers and can develop a cryptographic architecture consistent with government requirements.

We provide engineering support through:

  • Risk assessment of potential product sales impacts related to FIPS 140-2 requirements
  • Identification and documentation of product use cases that require cryptography for specific government customers
  • Identification of likely FIPS 140-2 requirements vetting by specific government customers
  • Development of design requirements and design specifications for cryptographic functions consistent with FIPS 140-2 and FDA security guidelines
  • Identification of cryptographic architectures that support cost-effective validation under the CAVP and CMVP
  • Planning for cryptographic validation under the NIST CAVP and CMVP
  • Cryptographic implementations
  • Recommendations for integrating third-party validated cryptographic modules into product design

Vulnerability Mitigation and General Consulting
For clients with questions about whether a newly discovered security flaw might impact their devices, Battelle can help assess and mitigate. We'll help navigate FDA pre-market and post-market cybersecurity landscape.

 
Ready to secure your medical devices?
Contact us today for a customized solution.
Contact Us

Services

Secure Design and Usability 
Building cybersecurity into devices from the start helps reduce risks and reduce the cost of security compliance. We offer a full spectrum of cybersecurity solutions backed by decades of experience for the Department of Defense and the intelligence community.

Those solutions include:

  • Security risk management and threat modeling (AAMI TIR57 & NIST 800-30)
  • Security requirements development
  • Human factors analysis of security controls
  • Systems architecture security reviews
  • Security design reviews
  • Software security code reviews
Threat Assessment
The Food and Drug Administration (FDA) guidance document Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (Oct 2018) requires medical device manufacturers to conduct a cybersecurity threat assessment and develop a cybersecurity plan to mitigate identified threats.

Battelle can help clients meet FDA expectations and understand cybersecurity risks.

We can help:

  • Accurately identify and characterize potential threats to a device based on current system design
  • Understand how device design impacts the cybersecurity threat profile
  • Streamline development of a cybersecurity plan and summary report for FDA submission
Vulnerability Assessment & Penetration Testing
We have the ability to characterize, assess, model, predict and measure the broad spectrum of threats and vulnerabilities posed for a specific medical device. An approved Mayo Clinic Security testing firm, Battelle provides thorough security testing and analysis of hardware and software.

Our capabilities include:

  • Whitebox and blackbox penetration testing
  • Application and protocol fuzz testing
  • Reverse engineering of firmware, software and proprietary formats
  • Embedded medical systems testing
  • System hardening strategies development

Solutions

Automated Vulnerability Monitoring & Reporting
Battelle can help you automate the monitoring of newly discovered and reported security vulnerabilities in medical device hardware and associated software. Our continuous monitoring allows real-time updates on newly reported security vulnerabilities, enabling clients to act quickly to mitigate concerns or potential impact.