Security Evaluation Services for Medical Devices
The relevance of cybersecurity for eHealth and connected medical devices is increasing. Organisations worldwide are establishing minimum sets of cybersecurity requirements. These include:
- U.S. Food and Drug Administration (FDA)
- National Telecommunications and Information Administration (NTIA)
- Medical Device Regulation (MDR)
DTSec focuses on Connected Diabetes Devices: glucose meters, insulin pumps and artificial pancreases. DTSec is US-centric and developed by a team with members from the medical, government, technology provider, cybersecurity and academia sectors. The scheme uses ISO 150408 (Common Criteria for IT Security Evaluation) to specify requirements.
DTSec works: high-risk medical devices can be security certified at high assurance levels at a reasonable cost
On average, the medical sector requires a much higher degree of software quality than typical IT security. IEC 62304 provides sufficient information about software to perform high-quality vulnerability analysis. Software can be easily analysed to a high degree of precision at a reasonable cost.
(ISO 15408 works well with IEC 62304)