Healthcare, IoMT and Medical Device Security
Healthcare products (Internet of Medical Things) are governed by regulatory requirements to ensure that the hardware and software adopt a defense-in-depth approach and are adequately secured by the manufacturer. In the United States, the Food & Drug Administration (US FDA) has clearly defined cybersecurity guidelines to be followed by manufacturers and documentation to be included as part of their 510(k) submission. Similarly, the CE Mark for healthcare products sold in Europe requires cybersecurity evaluations to be in compliance with the MDCG 2021-6 guidelines.
For 510(k) Premarket Cybersecurity Readiness, the FDA recommends including the following documents:
- Threat models
- Cybersecurity risk assessment report
- Security testing/assessment reports
- Proof of vulnerability assessment for third-party software (if any)
- Plan for continuing cybersecurity support
Deep Armor has played a key role in securing the FDA 510(k) cybersecurity approval for several medical devices. We can help you complete all the essential technical activities (threat modeling, vulnerability assessments, penetration testing and red-teaming), prepare supporting documentation, and assist with clarifications if the FDA requires more proof or information. Our services will help you complete the 510(k) Premarket Cybersecurity Readiness with minimal effort from your side.
If you have a product that is required to go through the FDA or CE Mark security certifications, talk to us. We will help you understand the process using our templates. We can then work with you on a stepwise plan to execute all technical activities and prepare documents for the certification process.