MEDICAL DEVICE SECURITY ASSESSMENTS & IoT SECURITY

Improperly secured medical devices, along with a plethora of unmanaged IoT devices connected to your network, present a substantial risk for patient harm and create an easy target for malicious hackers.

Meditology has over a decade of experience in assessing and building IoT & medical device security programs for leading health systems across the country. Our approach delivers results in quantifiable risk reduction associated with vulnerable medical device and IoT assets.

Meditology has a proven track record of developing medical device security programs that orchestrate the disparate people, processes, and specialized security technologies required to effectively track and manage risk for medical device assets. We provide a realistic, attainable, and actionable model fine-tuned over multiple years of deployment in leading health systems.

We have been actively involved in shaping the healthcare industry’s approach to securing these life-saving devices by maintaining relationships with regulators and standards entities including the FDA, MDISS, HIMSS, HITRUST, and others.

Our approach is informed by our work with the federal government (ONC) conducting landscape analyses of ethical hacking and medical device security. We also maintain partnerships with leading medical device manufacturers and IoMT security solutions.

Medical Device Inventory & Risk Assessment

Medical Device Inventory & Risk Assessment offers the most budget-friendly solution for addressing medical device security. This service includes:

  • a comprehensive risk assessment
  • medical device discovery and inventory
  • a prioritized corrective action plan

Medical Device Security Remediation

Medical Device Security Remediation services delivers a full-service offering to orchestrate the patching and remediation of known vulnerabilities for your medical device assets. We handle the prioritization of devices for patching, coordination with vendors, project management, and communication & planning with internal stakeholders including security, biomed & clinical engineering, and others.

Medical Device Program Blueprint

Medical Device Program Blueprint offers an unmatched medical device security program that will accelerate your medical device security initiative and take advantage of lessons learned from leading health systems. The output includes a multi-year medical device strategic blueprint and roadmap that identifies and prioritizes discrete projects based on relative risk, level of effort, budget, and resource considerations.

Our solution also delivers custom-tailored processes and procedures for your organization to build and sustain medical device risk management functions including:

  • establishing program communication
  • governance
  • roles and responsibilities
  • compliance
  • security control framework alignment
  • incident response
  • threat modeling
  • inventory management and device maintenance
  • risk classifications
  • intrusion detection and prevention
  • network segmentation
  • technical security and access controls
  • malware protection
  • vulnerability management
  • logging and monitoring
  • training
  • third party risk management, and more

Managed Medical Device Security Program

Managed Medical Device Security Program delivers a full-service solution that includes the development and implementation of your medical device security program. This allows healthcare organizations to implement a world class medical device security program with the right people, technology, and processes already in place. Quite simply, we know healthcare like no other security provider. Let us handle your medical device security program from end-to-end and support you with medical device subject matter experts.

WHAT SETS MEDITOLOGY APART

  • Ranked #1 Best in KLAS for Cybersecurity Advisory Services in 2019 and 2020
  • HIPAA expert witness firm for OCR
  • Experienced CISOs and Privacy Officers
  • Dedicated to healthcare
  • Hundreds of clients coast to coast
  • Advisors to ONC / HHS
 
Quote Icon

We chose Meditology mainly for their demonstrated knowledge and understanding of HIPAA, ARRA/HITECH and established security standards.

They were unfailingly professional throughout the information gathering and data gathering processes, kept to their timeline and verified the results that they found. The reports produced were accurate and easy to understand, with appropriate benchmarking to other health care organizations and the security industry as a whole. Most importantly, they provided concrete and achievable suggestions to help mitigate the risks identified.

Barbara Anson

CISO, Baptist Memorial Health Care Corporation of Memphis, TN