How do you protect medical devices and monitor exposure to cybersecurity risks?
Can you accurately see and fix vulnerabilities affecting third-party software such as open source components in your medical device products?
How do you ensure Software of Unknown Provenance (SOUP) is not putting your customers and their patients at risk?
How do you bring new products to market quickly and cost-effectively while meeting the latest security standards and compliance requirements?
Accelerate Time-to-Market for Industry-Leading
Medical Devices Running Embedded Linux
Meet cybersecurity standards at product launch and keep products secure for their entire lifecycle
Integrate best practice security features
Timesys’ VigiShield Secure by Design Services enable rapid development of mission-critical, secure components for embedded medical devices.
Boost security standard compliance
Simplify meeting IEC 62304, FDA Premarket and Postmarket Security Guidance, and the new NEMA MDS2 Requirements
Provide more accurate and streamlined vulnerability (CVE) management
Unique SCA features, optimized for embedded systems, providing more accurate and streamlined vulnerability (CVE) management and long term maintenance
Update & maintain security of your Linux OS/BSPs throughout the device lifecycle
Timesys’ embedded system Software Engineering Services enable rapid development of mission-critical, secure components for Industrial Control Systems, Industrial Internet of Things and Industrial Autonomous Control Systems
Deliver new products to market on time and
under budget with strong security
Timesys is the partner of choice for the industry’s leading Medical Device Manufacturers (MDMs). Our solutions and services enable you to rapidly develop products that meet the most demanding security requirements.
Medical device security is critical. A successful cybersecurity attack can put patients at risk, compromise health care outcomes and violate privacy laws. Health Delivery Organizations (HDOs) increasingly demand MDMs to meet strong cybersecurity requirements and maintain that security over time.
Gone are the days when an MDM could freeze a medical device’s software at product launch and never update it. Device connectivity is now the norm, and hundreds of new vulnerabilities are uncovered every week, putting devices and HDOs at risk of compromise.
Timesys offers development and security maintenance solutions that ensure your medical devices running embedded Linux are launched with the most secure software components and that they can be kept secure throughout their production lifecycles.
Streamline and simplify compliance with medical device security standards and regulations
FDA Guidance (FDA-2018-D-3443) for Premarket submissions, such as 510(k):
- Cybersecurity measures during the design and development of medical devices
- Identification of assets, threats, and vulnerabilities
- Ensure trusted content by maintaining code, data, and execution integrity
- Maintain confidentiality of data
FDA Guidance (FDA-2015-D-5105) for Postmarket Management of Cybersecurity:
- Monitoring cybersecurity information sources
- Monitoring third party software components for new vulnerabilities throughout the device’s total product lifecycle
- Understanding, assessing and detecting presence and impact of a vulnerability
- Validation for software updates and patches that are used to remediate vulnerabilities, including those related to off-the-shelf software
- Deploying mitigations that address cybersecurity risk early and prior to exploitation
NEMA Requirements for Manufacturer Disclosure Statement for Medical Device Security:
- Generate a Software Bill of Materials (SBOM) and provide a process to update it as specified in MDS2
- Implement device hardening, security updates, remote updates, security of third-party components and other cybersecurity controls specified in MDS2
IEC 62304: Software Life Cycle Processes
- Processes for managing medical device software risks, maintenance and trouble resolution
- Identify and manage cybersecurity risks for Software of Unknown Provenance (SOUP)
Secure By Design
Vigishield Secure By Design Services
A custom Yocto security feature meta-layer developed by Timesys and delivered with supporting services to accelerate and simplify an MDM’s implementation of:
- Secure boot and chain of trust
- Encrypted storage
- Secure firmware updates
- Device security hardening: Bootloader, kernel and user space
- Protected hardware ports: JTAG, serial
- Secure world/trusted software development (e.g.: OP-TEE software)
- Tamper protection
- Key and certificate management
- Industry security standard compliance
Vigiles Vulnerability Management Solution
Software-as-a-service toolset developed by Timesys to provide:
- Embedded Linux security maintenance tools for your developers
- Automatic generation of an accurate Software Bill of Materials (SBOM) for medical devices running embedded Linux
- Accurate vulnerability detection with SBOM filtering
- Integration with Yocto, Buildroot, Timesys Factory build systems
- Accurate, curated meta-data on software components for higher rates of vulnerability identification and accuracy, with fewer false positives
- Streamlined remediation of vulnerabilities with efficient collaboration
Linux OS and BSP Maintenance
Our turnkey BSP Lifecycle Maintenance Service bringing our team of embedded system software experts to manage all aspects of maintaining the OS of your embedded Linux BSPs. We take care of:
- Monitoring and applying updates and patches, validating changes and providing you with reports on status
- Maintaining the strongest security posture throughout device deployment
- Providing you with ready-to-deploy platform updates
See how Timesys has helped MDMs bring products to market faster, with higher quality, and with stronger security
Medical device maker maintains strong product security with Timesys
A leading MDM wanted to ensure its product line, which featured an NXP i.MX 6 processor based Advantech Qseven module, was kept updated, in sync and secure throughout its development and release. See how Timesys helped the company efficiently manage its product software security and updates throughout the product lifecycle.
Timesys provides solutions to the “Top 30” MDMs, helping them build FDA Class I, II, and III devices for a broad array of medical needs. Timesys’ Software Engineering Services excel in addressing remote mobile access, networked devices, and integrated systems — from the BSP to the App and UI. Furthermore, Timesys’ Development Environment both directly and indirectly supports FDA certification requirements, which include: build repeatability, documentation, source origin, test reports based on automated regression testing, ongoing security vulnerability notification and patches, and OS maintenance.
HAVE A PROJECT YOU’D LIKE TO DISCUSS?
Start the Conversation
Stop worrying about how you are going to find the engineering time and in-house expertise to give your product the professional architecture and security attention it needs.