MedCrypt, Inc., the proactive cybersecurity solutions provider for medical device manufacturers, including seven of the top 10, today announced its partnership with Stratigos Security, a company that specializes in penetration testing and independent security assessments. Together, they offer a suite of third-party assessment and advisory services, with specialized penetration tests for medical device makers to assure the safety and effectiveness of their devices.
In March 2023, the Food and Drug Administration (FDA) announced that beginning October 1, 2023, it will “refuse to accept” medical devices that fail to meet cybersecurity requirements, further highlighting the need for developers to design and maintain products that align with the FDA’s pre- and post-market guidance.
Conventional penetration tests are a poor fit for assessing medical device safety and effectiveness risks. The MedCrypt-Stratigos partnership provides specialized penetration testing specifically designed for medical device manufacturers. These specialized tests simulate attack techniques to identify reasonably foreseeable cybersecurity issues, providing a vital source of evidence to inform risk management. The results and reports are clear, practical, and can be submitted for regulation, making it easier to bring the devices to market and reducing post-market problems. Mature organizations build these tests into their product development framework from the outset, continuing through the lifetime of the device.
“We are excited to team up with Stratigos,” stated Mike Kijewski, CEO of MedCrypt. “It is imperative for device makers to have access to world-class testing resources. Through our partnership with Stratigos, device makers can rely on our combined expertise and insights to ensure the security and integrity of their critical medical devices.”
This partnership provides manufacturers with pertinent identification of vulnerabilities and potential risks to patient safety and data privacy, offering independent evidence to regulators and third parties through regulatory-ready pentest reports. MedCrypt’s comprehensive cybersecurity offerings satisfy the FDA’s and global regulators’ secure product development framework requirements, ensuring healthcare organizations comply with regulations and proactively approach medical device cybersecurity.
“Our team of experienced cybersecurity experts, combined with MedCrypt’s deep understanding of medical device security, enables us to deliver comprehensive and effective penetration testing and security assessments that are tailored to the unique requirements of medical devices. We are committed to helping healthcare organizations mitigate cyber risks and safeguard patient safety,” said Beau Woods, the CEO of Stratigos Security.
Key members in this initiative are:
- Beau Woods, CEO of Stratigos Security and the co-founder of the Biohacking Village: Device Lab at DEF CON (the world’s biggest hacking conference). Additionally, Beau served as an Entrepreneur in Residence with the FDA, Senior Advisor with the US Cybersecurity and Infrastructure Security Agency (CISA), and has published works as an author and co-author.
- Naomi Schwartz, senior director of quality and safety at MedCrypt. Her background includes working at the FDA to evaluate software and cybersecurity for the world’s first regulated Automated Insulin Delivery (AID) System and developing Class II regulatory pathways for the three major components of AID systems, a game-changer for supporting patients with insulin-dependent diabetes.
- Seth Carmody, vice president of regulatory strategy at MedCrypt. Prior to MedCrypt, Carmody worked as the Cybersecurity Program Manager in the Office of the Center Director, Emergency Preparedness/Operations and Medical Countermeasures, within the FDA’s CDRH.
- Paulino Calderon, co-author of Practical IoT Hacking, has developed open-source hardware and software tools such as Nmap (one of the top security tools), DICOM fuzzing libraries, CatSniffer, and OWASP IoT Goat.
- Lukas Kuzmiak specializes in complex systems testing, from large networks to wearable devices, including hardware and firmware security for embedded systems, with an emphasis on communication layer and custom protocol analysis.
- Michelle Thompson specializes in embedded systems testing, including communications protocol testing, hardware security testing, privilege model analysis, and firmware review.
MedCrypt currently provides enhanced security products and services for seven of the top 10 medical device manufacturers as well as startups and mid-sized companies, including the leading manufacturers of surgical robotics technologies and virtual reality applications for minimally invasive surgery. If you need a penetration test or any other services to ensure safety and efficacy or to comply with regulatory submissions, visit medcrypt.com.
About Stratigos Security
Stratigos Security provides advice and guidance on information security programs, strategies, and policies. The company offers specialized services such as penetration testing, risk assessments, strategic advisory, and security program development for companies across multiple industries and sizes up to Global 100.
About MedCrypt
Medcrypt is helping healthcare technology companies ensure medical devices are secure by design. We provide cybersecurity products and strategic management consulting to expedite the go-to-market process of medical device manufacturers’ new life-saving connected technologies. Founded in 2016 by a team of healthcare cybersecurity experts, Medcrypt is uniquely positioned to be the security catalyst for medical device manufacturers to design secure, FDA-approved technologies. We continue to work with those paving the way toward safe and reliable medtech.
To date, Medcrypt has raised more than $36 million in funding with participation from Johnson & Johnson Innovations, Intuitive Ventures, and Dexcom Ventures. For more information, please visit www.Medcrypt.com.