Vulnerability in your cybersecurity posture can happen in three different ways: through people, processes, and products. Our tests cover each area, using vulnerability assessment procedures, analysis, reviews, and interviews as required.
We assess the cybersecurity awareness level in your organization to see if staff are following current security policies and procedures when handling or supplying medical devices, or managing facility-related control systems. We check that adequate training has been provided and followed.
We examine processes, for example for the configuration and operation of devices, including the possible transfer of patient data, and of control systems. We also check the processes for protecting systems with the latest, most secure versions of software and hardware in a timely way.
We inspect the use of cybersecurity technologies relating to devices and control systems, including layers of protection, such as firewalls, intrusion detection systems, security analytics, and other solutions.
Vulnerabilities have increased significantly in this area, as internal IT systems and networks have been connected to external networks, while devices may still be running outmoded operating systems whose security defects are no longer being corrected by vendors.
After completing our assessments, we make a full report to you of the situation, with constructive recommendations on how to most effectively and most efficiently reduce or eliminate the vulnerabilities found.