Regulatory Alignment

We align with FDA cybersecurity requirements

Make sure you have the latest guidance from the FDA

Requirement: Use Encryption

Encrypt data in transit, preventing exposure of your data, and creating redundancy against unknown network security controls. Ghost, MedCrypt's secure overlay agent, can enable encryption on existing devices that are already deployed in the field.

Requirement: Use Digital Signatures

Guardian, MedCrypt’s embedded library, makes certain cryptography functions, like signature verification and data encryption, available via an easy to use API/ABI. This allows a user to sign code, data, instructions, configurations, etc. and verify these data structures before they are loaded into an active device, as well as ensure the privacy of sensitive data.

Requirement: Proactively Detect Intrusion

This is the single biggest advantage to using MedCrypt. MedCrypt-enabled devices send behavior metadata to Canary, an event monitoring system (that can be located in the cloud or on-prem), and these events are monitored for suspicious behavior. The behavior baselines are built for healthcare-specific data, that would be difficult or impossible for your organization to capture internally.

Requirement: Publish and Monitor an SBOM

Heimdall, a vulnerability management tool, can import SBOMs and monitor them for vulnerabilities. Users can analyze which devices are impacted by a specific vulnerability or identify which devices use a software component to get ahead of the next WannaCry or Log4Shell vulnerability.

Request a Demo

We live and breathe healthcare cybersecurity

A medical device may look like just another IoT device, but regulatory constraints and their unique use case require a healthcare-first approach to cybersecurity. MedCrypt's solutions are built specifically for medical devices, which means clinical functionality, patient safety, and care delivery are always the highest priority.