A medical device manufacturer needed expertise to improve security controls associated with their medical devices and data management applications. This included understanding regulatory applicability and the impact on security controls.
The number of devices, device use cases (including data flows), and data management application integration presented a significant amount of complexity. Mapping the security controls to the collection, processing, and storage of personally identifiable information required detailed workshops with several stakeholders.
The client engaged our Data & Technology Risk Assessment, Compliance Management, and IoT Security services to assess the cybersecurity capability, understand compliance, and determine risk. A comprehensive analysis of device firmware, data storage, device access, maintenance functions, and host interface was performed. Additionally, a thorough review of application security and data protection associated with web applications and APIs was conducted.
The results of the engagements include:
- Significantly reduced business risk by closing critical findings
- Increased business prospects by improving the ability to communicate cybersecurity controls to potential customers
- Decreased risk by integrating security into product development processes