Improperly secured medical devices, along with a plethora of unmanaged IoT devices connected to your network, present a substantial risk for patient harm and create an easy target for malicious hackers.

Meditology has over a decade of experience in assessing and building IoT & medical device security programs for leading health systems across the country. Our approach delivers results in quantifiable risk reduction associated with vulnerable medical device and IoT assets.

Meditology has a proven track record of developing medical device security programs that orchestrate the disparate people, processes, and specialized security technologies required to effectively track and manage risk for medical device assets. We provide a realistic, attainable, and actionable model fine-tuned over multiple years of deployment in leading health systems.

We have been actively involved in shaping the healthcare industry’s approach to securing these life-saving devices by maintaining relationships with regulators and standards entities including the FDA, MDISS, HIMSS, HITRUST, and others.

Our approach is informed by our work with the federal government (ONC) conducting landscape analyses of ethical hacking and medical device security. We also maintain partnerships with leading medical device manufacturers and IoMT security solutions.

Medical Device Inventory & Risk Assessment offers the most budget-friendly solution for addressing medical device security. This service includes:

  • a comprehensive risk assessment
  • medical device discovery and inventory
  • a prioritized corrective action plan

Medical Device Security Remediation delivers a full-service offering to orchestrate the patching and remediation of known vulnerabilities for your medical device assets. We handle the prioritization of devices for patching, coordination with vendors, project management, and communication & planning with internal stakeholders including security, biomed & clinical engineering, and others.

Medical Device Program Blueprint offers an unmatched medical device security program that will accelerate your medical device security initiative and take advantage of lessons learned from leading health systems. The output includes a multi-year medical device strategic blueprint and roadmap that identifies and prioritizes discrete projects based on relative risk, level of effort, budget, and resource considerations.

Our solution also delivers custom-tailored processes and procedures for your organization to build and sustain medical device risk management functions including:

  • establishing program communication
  • governance
  • roles and responsibilities
  • compliance
  • security control framework alignment
  • incident response
  • threat modeling
  • inventory management and device maintenance
  • risk classifications
  • intrusion detection and prevention
  • network segmentation
  • technical security and access controls
  • malware protection
  • vulnerability management
  • logging and monitoring
  • training
  • third-party risk management, and more

Managed Medical Device Security Program delivers a full-service solution that includes the development and implementation of your medical device security program. This allows healthcare organizations to implement a world-class medical device security program with the right people, technology, and processes already in place. Quite simply, we know healthcare like no other security provider. Let us handle your medical device security program from end to end and support you with medical device subject matter experts.

How Cyber Risks are Transforming Medical Device Management for HDOs

Standards facilitate commerce. They always have. Yet, despite how much attention IoT cybersecurity has gotten in recent years, the lack of a standards-driven path to best practices is hampering the ability of HDOs to effectively manage risks for medical and IoT devices. Learn how Meditology and Medigate are working toward a trusted, standards-driven approach to securing the Extended Internet of Things (XIoT) including medical devices.

Presented at HIMSS22 by Jonathan Elmer, ITRM Manager & Medical Device Security Architect at Meditology Services and Tom Finn, Market Development Director at Medigate


  • HIPAA expert witness firm for OCR
  • Experienced CISOs and Privacy Officers
  • Dedicated to healthcare
  • Hundreds of clients coast to coast
  • Advisors to ONC / HHS

The Med Device Security Assessment service was very valuable: 5 out of 5 rating.

We’ve been trying to get a foothold, traction, and focus on our BioMed security program and this was the way to kick-start it, to do it. The Assessment has a lot of good information in it and is outlined in a way that makes it understandable to Executive Team and to senior leadership. We are using the Final Report to form an action plan to address high-risk findings and to move our program forward.


Large Health System on the West Coast

We don’t have a med device program and for us to build it in the short time Meditology did would be impossible, and we don’t have the expertise or bandwidth.

Laid the foundation, know where our gaps are, have a non-bias deliverable to give to Execs to get money and funding to fully build program like this. I rate it a 5/5 and for the record, I am not an easy grader.

Security Analyst

Large Award-winning Physician-led Healthcare System

We chose Meditology mainly for their demonstrated knowledge and understanding of HIPAA, ARRA/HITECH and established security standards.

They were unfailingly professional throughout the information gathering and data gathering processes, kept to their timeline and verified the results that they found. The reports produced were accurate and easy to understand, with appropriate benchmarking to other health care organizations and the security industry as a whole. Most importantly, they provided concrete and achievable suggestions to help mitigate the risks identified.

Barbara Anson

CISO, Baptist Memorial Health Care Corporation of Memphis, TN