Security evaluation services for medical devices
The relevance of cybersecurity for eHealth and connected medical devices is increasing. Organisations worldwide are establishing minimum sets of cybersecurity requirements. These include:
- U.S. Food and Drug Administration (FDA)
- National Telecommunications and Information Administration (NTIA)
- Medical Device Regulation (MDR)
Brightsight can help you demonstrate security compliance with, and readiness for, these and other standards in the medical sector. Additionally, Brightsight is a recognised laboratory for DTSec certifications.
DTSec
DTSec focuses on Connected Diabetes Devices: glucose meters, insulin pumps and artificial pancreases. DTSec is US-centric and was developed by a team with members from the medical, government, technology provider, cybersecurity and academia sectors. The scheme uses ISO 15408 (Common Criteria for IT Security Evaluation) to specify requirements.
DTSec works: high-risk medical devices can be security certified at high assurance levels at a reasonable cost
IEC 62304
On average, the medical sector requires a much higher degree of software quality than typical IT security. IEC 62304 provides sufficient information about software to perform high-quality vulnerability analysis. Software can be easily analysed to a high degree of precision at a reasonable cost.
(ISO 15408 works well with IEC 62304)
Brightsight helps by providing independent, expert evaluations that identify security vulnerabilities and provide actionable recommendations for remediation. We offer in-depth analysis and reporting, giving manufacturers the confidence to deploy secure medical devices that meet regulatory requirements and protect patient safety.
To ensure the security of your medical devices and comply with stringent regulatory standards, contact Brightsight today for a comprehensive evaluation.
IEC 81001-5-1