Cyber security for healthcare solutions and medical devices
In today’s electronic world, cybersecurity in healthcare and protecting information is vital for the normal functioning of organizations. Many healthcare organizations have various types of specialized hospital information systems, as well as heterogeneous medical devices to manage. In that context both IT (Information Technology) and OT (Operation Technology) assets are considered as critical from different perspective, incl. human safety, and are requiring the implementation of best security practices from any stakeholders involved in the development, integration, operation, and maintenance activities.
Relevant US and EU authorities recently developed new regulatory framework and guidance for implementing best security practices. Depending from stakeholders’ role, different reference document and requirements have been derived from generic State-of-the-Art document such as ISO 27000 standard series for Information security, or ISA/IEC 62443 standard series for operational cyber security (incl. medical devices).
The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience.
Do remember: Cybersecurity is much more than an IT topic.
Stéphane Nappo, Vice President – Global Chief Information Security Officer , SEB Group
A broad service portfolio for tackling end-to-end cybersecurity needs
For supporting customers in their implementation of best security practices, and ultimately comply with State-of-the-Art methods, CertX Cyber Security Team provide a bench of services for accompanying organizations into their roadmap for secure development and operations, based on four streams:
- Awareness & Education for preparing your team to apply best security practices required from operators of essential services, derived from relevant regulations (e.g. EU-MDR), applicable guidance (MDCG document) or technical standard series (ISO 27000, ISA/IEC 62443)
- Compliance check & certifications for evaluating your current products and/or processes, and validate them according to international references
- Technical evaluation & Testing for challenging your products and/or infrastructure against attack attempts
- Supporting services for accompanying your team on the right path for implementing best security practices
