Solving Life Critical Medical Device Security Challenges with Unique Identity, at Scale, and with Crypto-Agility

CLEVELAND — It’s no secret that life critical connected medical devices require security. The data captured by these devices can inform critical healthcare decisions — requiring it to be secure, validated, and accessible only to authorized users. In addition to cyber security standards and regulations, these devices must comply with requirements to protect health information (such as HIPAA). Finally, devices need a secure and scalable update process, as a recall of implanted medical devices is no nightmare any manufacturer wants to endure.

CSS has launched a next generation, crypto-agile platform that addresses medical device security challenges by establishing a unique identity foundation and lifecycle management strategy. Organizations can build a dedicated, cost-efficient device security system to achieve world-wide business supply chain needs.

Security for Life Critical Medical Devices Across the Device Lifecycle

Based on unique device identity through digital certificates, the platform delivers value across the entire lifecycle of an IoT medical device, from initial project design to end-user operation.

• Project design: The platform establishes identity foundation and a chain of trust that ensures the device will do only what its designers intend. Integrating devices to the platform from the initial project outset makes it easier to manufacture, move, deploy, and use the device securely. The platform’s crypto-agile design structure enables secure updates like bug fixes or software updates with ease.
• Manufacturing: Unique identity injected during manufacturing leverages on-device key integration and ERP integration to enable efficient device implementation.
• Supply chain: Identity sets ownership and role assignment for each device, allowing for chain of custody verification and allowing the device to interface with authorized business systems.
• Deployment: Device performs as intended according to its identity and role established in manufacturing.
• Operation: Authenticated administration, code signing, and verification of secure code updates allows device to remain crypto-agile as it communicates and reports data securely.

Visit CSS at the Medical Device Cybersecurity Risk Mitigation Conference or learn more: https://info.css-security.com/life-critical-identity-for-medical-devices-css