Medical device manufacturers need to build devices that have innovative clinical features and are secure, and get them to market quickly. The MedCrypt platform makes it easy to make your devices secure by design, while meeting your budget and timeline requirements.
Encrypt data in transit, preventing exposure of your data, and creating redundancy against unknown network security controls. Ghost, MedCrypt's secure overlay agent, can enable encryption on existing devices that are already deployed in the field.
Guardian, MedCrypt’s embedded library, makes certain cryptography functions, like signature verification and data encryption, available via an easy-to-use API/ABI. This allows a user to sign code, data, instructions, configurations, etc., verify these data structures before they are loaded into an active device, and ensure the privacy of sensitive data.
This is the single biggest advantage to using MedCrypt. MedCrypt-enabled devices send behavior metadata to Canary, an event monitoring system (which can be located in the cloud or on-prem), and these events are monitored for suspicious behavior. The behavior baselines are built for healthcare-specific data that would be difficult or impossible for your organization to capture internally.
Helm, a vulnerability management tool, can import SBOMs and monitor them for vulnerabilities. Users can analyze which devices are impacted by a specific vulnerability or identify which devices use a software component to get ahead of the next WannaCry or Log4Shell vulnerability.
Our products are designed for medical devices.
Secure data in transit with the option of not having to change any source code on your device.
From startups to top device manufacturers, we work with companies of all sizes to help secure their products.
“In the course of filing for a 510(k) clearance we needed to establish a threat model that meets regulators' expectations. MedCrypt not only helped us with their deep expertise but even more with the excellent understanding of our company-specific needs. If you are looking for a tailor-made solution, provided by people who really care, MedCrypt are the folks to turn to!”
“As a startup medical device company with a new product under development, including a cloud-based component, we needed to improve cybersecurity in order to protect our business and get IVDR CE-mark and FDA 510(k) clearance. MedCrypt helped us develop our threat model, which guided us to a more secure design and improvements to our solution architecture. MedCrypt has also been deeply involved in creating our cybersecurity risks and meet future regulatory expectations. We are extremely satisfied with the support we received from MedCrypt and recommend MedCrypt if you are looking for a partner to help with your medical device cybersecurity program and design.”
“MedCrypt’s support increased our confidence in our cryptography architecture, helped us better document its strengths, and provided feedback on gaps in other areas. From our work with MedCrypt, we expect a faster and smoother regulatory review, as well as faster development of our roadmap.”
As proactive healthcare cybersecurity continues to grow in importance, buyers, patients and media are taking note of MedCrypt’s innovations and impact.
On March 29, 2023, the FDA issued a new final guidance on the Refuse to Accept (RTA) policy relating to cybersecurity in medical devices, specifically for “Cyber Devices” as defined in the newly amended FD&C Act (Section 524B). In mapping its guidance to the new statutory authority, the FDA specifies what is expected when a submission is provided to the agency for review.
On Dec 29, President Biden signed into law a $1.7 trillion omnibus spending bill that has significant implications for healthcare as well as for how security for medical devices is regulated and enforced. Manufacturers must now include evidence of security controls and security testing, as well as plans to maintain a device’s security posture through updates and patches, all supported by documented evidence, e.g., a software bill of materials for commercial, open-source, and off-the-shelf software components.
Cybersecurity used to be seen as a compliance initiative in healthcare but has become a patient safety and business imperative in recent years. For MDMs, tying market delays and metrics to a lack of security will inspire faster action. For HDOs, assessing strategies for incoming devices can start to shift the tide in how risks expand.