We provide software security, threat modeling and threat mediation in the medical device and healthcare space, working with technology developers in Israel.
How does this work?
We evaluate your healthcare software system or medical device from an attacker's point of view, then from the management team's point of view, and then recommend specific, detailed action steps to close the gap between your product and HIPAA security and privacy requirements. We then train your product development team based on these recommendations.
Many medical devices still run on Microsoft Windows; variants of Windows XP, Windows XP Embedded and Windows Server systems are not uncommon.
Because Windows is a commodity operating system, designed primarily for ease of use by end users and for application development by programmers using Visual Studio, it is not uncommon to see malware attack medical devices and healthcare information systems.
If you're a medical device or healthtech developer using Windows platforms, one of the first action steps we recommend is to set up a security ERT (emergency response team) with a clear response plan and division of responsibilities.
The security ERT will be your first responders in the case of a data leak or malware infection.
The ERT should have a clear, well-thought-out and debugged procedure for removing malware. See this excellent malware removal guide for an example.