Security Testing for Connected Healthcare Devices
As an independent security lab, we have specialized over the past 15 years in embedded systems security on the hardware and software side. Our expertise has led companies with “mission critical” applications to seek our support to provide security assurance for their developed product solutions. This includes the (high security) payments industry, where we have been thought and market leaders for many years.
In healthcare, we have already evaluated doctor and patient authentication protocols, which often form the foundation for a secure data flow and use of connected devices and systems. This, coupled with our extensive expertise in embedded device security, keeps us at the forefront of relevant security challenges for healthcare.
With connected healthcare starting to develop into a more widespread industry, driven by the benefits such innovation offers, vulnerabilities are also on the rise. As an example, secure boot and firmware vulnerabilities may, among other things, lead to firmware extraction and identification of scalable logical attacks, which can cause serious liability issues in patient-critical devices. While OTA (over the air) updates create substantial opportunity to accelerate innovation… assurance that the communication protocols are secured against the latest attack methods, and that the new firmware does not introduce new vulnerabilities in the system or device itself, also becomes more important.
Healthcare seeks more patient-centric, home-based care solutions to achieve maximum quality care at affordable costs. Therefore, we believe that creating sufficient trust in the solutions, driven by security and attack resistance, will be crucial (although we are of course somewhat biased since we see so many attacks and attack options).
Helping to set evaluation requirements from schemes to self-regulation
Since we have substantial expertise across many different established security evaluation “schemes”, we also help vendors and industries establish relevant standards for their specific situation, allowing in some industries for vendor scheme-led self-regulation and in others a more regulated approach if and when appropriate. Even in a regulated approach, however, our view across all schemes, testing and attack methods allows us to recommend a “workable”, sense-making approach to security evaluation and assurance. For more information on how we can assist you in removing security/attack vulnerabilities from your systems, feel free to contact us for a discussion and examples of what we have achieved as security testing specialists across many industries in the past 15 years.