Medical devices are increasingly complex and connected systems existing in complex connected ecosystems of healthcare delivery. Standard security controls can ensure some baseline security capabilities, but they fail to address the myriad of ways that medical devices are used to determine the interface with the healthcare ecosystem, and most important, how security risks could result in unacceptable safety issues. 

Instead, for several years, the Food and Drug Administration (FDA) has recognized the value of threat modeling as an approach to strengthen the cybersecurity and safety of medical devices. 

FDA has found 510(k) submissions to be “not substantially equivalent” (NSE) and “premarket approval” (PMA) devices to be not approvable based on cybersecurity concerns alone. LP3 provides expertise in cybersecurity will provide services that will meet or exceed both FDA and European medical device threat modeling compliance.

• Threat Modeling and Security Risk Analysis

• Security Experts Participate in Design

• Forensics and Incident Response

• Cyber Security Penetration and Vulnerability Testing

• Post-Market Continuous Monitoring and Reporting

• Supply Chain Risk Management / Third Party Risk Management

• Medical Device, Enterprise and Document Security

• Cybersecurity Training & Virtual CISO Services

• Subject Matter Expert (SME) Certifications – CISSP-ISSAP, ISSMP, Security+ CE, CompTIA A CE, CEH