
Medical Device Safety and Security (MeDSS)

Building and maintaining trustworthy and resilient medical devices

Improving customer experience and extending the connectivity of medical devices are top-of-mind objectives for medical device manufacturers and health care delivery organizations. As this MedTech ecosystem grows, cybersecurity and privacy concerns arise everywhere and need to be addressed in order to advance health care securely and safely, wherever it is delivered.

Medical device risks are evolving

The safety of medical devices has long been a concern of patients, health care delivery organizations, regulators, and manufacturers. Through innovation, the definition of a medical device, and its associated capabilities, has expanded, introducing a new risk area and an imperative consideration when determining the safety and trustworthiness of a medical device: cybersecurity.

Because of the risks to safety and privacy, cybersecurity threats demand attention and organizations should balance transforming patient care with associated risks.


Appropriate protections – by design

Regulators such as the United States Food and Drug Administration (FDA), the European Union (EU) Parliament, and the China FDA have issued regulations, guidance, and standards so that appropriate protections are built into medical devices by design. However, the operating environment of connected medical devices is highly dynamic, marked by threats that change from one day to the next.

In addition to embedding cybersecurity, privacy, and safety in premarket product development, manufacturers should also address the post-market phase through ongoing and proactive threat and vulnerability monitoring and risk management, in coordination with health care delivery organizations.

Health care delivery organizations should also embed security into their product lifecycle processes, starting from when they identify and vet vendors, to assessing whether particular products meet their product security and privacy requirements, to securely onboarding and using those devices in a clinical setting.


We can help – across the health care ecosystem

Deloitte’s Medical Device Safety and Security (MeDSS) solutions can help entities in the health care ecosystem—medical device manufacturers, health care delivery organizations, third-party software providers, and digital health companies—support better patient outcomes by lowering the risks that come along with advanced medical technology through:

  • Identifying and helping remediate cybersecurity and privacy gaps across the device lifecycle through security-by-design and privacy-by-design principles
  • Conducting vigilant post-market surveillance
  • Helping establish and maintain a resilient supporting infrastructure

How we can help

Deloitte’s Cyber MeDSS team helps clients improve their medical device cybersecurity and privacy through both a programmatic and technical approach. We assist our clients through a range of services, including:

  • Design, develop, implement (including integration into the quality management system), and operate an enterprise-level product security and privacy program, designed to programmatically assist with securing connected products throughout their lifecycle through a governance model, policies, standards, procedures, work instructions, templates, and other associated artifacts.
  • Assess the maturity of the organization’s product security and privacy program through documentation review and interviews, and develop a report that presents current-state strengths, areas for improvement, recommendations, and a benchmark against the industry and relevant peers.
  • Conduct a documentation review and interview-based security analysis geared at identifying device security vulnerabilities and associated threats, understanding the level of risk associated with identified vulnerabilities and threats, crafting remediation plans to bring risk to an acceptable/controlled level, and producing information that can be integrated into safety risk analysis.
  • Leveraging Deloitte’s Cyber Internet of Things (IoT) Studio and cyber IoT security testing methodology, conduct application, network, firmware, and hardware security testing geared at identifying device security vulnerabilities and attack vectors; understanding the level of risk associated with identified vulnerabilities; and crafting remediation plans to bring risk to an acceptable/controlled level.
  • Securely procure connected products and components critical to an organization’s functions (e.g., product development) or internal ecosystems through supplier product security and privacy assessments and the technical security requirements used in the design, development, and manufacturing of the product(s).
  • Design, develop, and implement a centralized tool to assist in the management and operation of a product security and privacy program, including capabilities for security risk management and associated processes (e.g., asset inventorying, vulnerability management with cybersecurity bill of materials (CBoM) monitoring, customer communications). This includes Deloitte's Product Security Manager™ solution and security information and event management (SIEM) technology.
  • Provide tailored training for product security and privacy executives that offers insight into industry-leading practices and develops the skills required to lead the product security and privacy program.
  • Design, develop, and implement security for connected products and their associated ecosystems through ecosystem architecture reviews and remediation engineering.
  • Assist in the development of documentation packages to aid in the submission of product security documentation to regulators for pre-market approvals and post-market inquiries.

Let's talk

Russell L. Jones
Partner | Deloitte Risk and Financial Advisory
MeDSS Leader
Deloitte & Touche LLP

Veronica Lim 
Principal | Deloitte Risk and Financial Advisory
MeDSS Leader
Deloitte & Touche LLP
