Login   |   1.866.392.4897 |   sales@timesys.com        English Japanese German French Korean Chinese (Simplified) Chinese (Traditional)

Smart, Reliable and Secure Medical Devices

How do you protect medical devices and monitor exposure to cybersecurity risks?

Can you accurately see and fix vulnerabilities affecting third-party software such open source components in your medical device products?

How do you ensure Software of Unknown Provenance (SOUP) is not putting your customers and their patients at risk?

How do you bring new products to market quickly and cost-effectively while meeting the latest security standards and compliance requirements?

security for medical devices;

Smart, Reliable and Secure Medical Devices

How do you protect medical devices and monitor exposure to cybersecurity risks?

Can you accurately see and fix vulnerabilities affecting third-party software such open source components in your medical device products?

How do you ensure Software of Unknown Provenance (SOUP) is not putting your customers and their patients at risk?

How do you bring new products to market quickly and cost-effectively while meeting the latest security standards and compliance requirements?

Timesys’ solutions accelerate time-to-market for industry-leading medical devices running embedded Linux that meet strict cybersecurity standards at product launch and are kept secure for the entire product lifetime

Timesys Vigiles security vulnerability SBOM scanner

Secure By Design solution integrating best practice security features

Boost security standard compliance by establishing security processes and by providing documentation on security design and features. Simplify meeting IEC 62304, FDA Premarket and Postmarket Security Guidance, and the new NEMA MDS2 Requirements

Unique SCA features, optimized for embedded systems, providing more accurate and streamlined vulnerability (CVE) management and long term maintenance

Deliver new products to market on time and under budget with strong security

Timesys is the partner of choice for the industry’s leading Medical Device Manufacturers (MDMs). Our solutions and services enable you to rapidly develop products that meet the most demanding security requirements.

Medical device security is critical. A successful cybersecurity attack can put patients at risk, compromise health care outcomes and violate privacy laws. Health Delivery Organizations (HDOs) increasingly demand MDMs to meet strong cybersecurity requirements and maintain that security over time.

Gone are the days when an MDM could freeze a medical device’s software at product launch and never update it. Device connectivity is now the norm, and hundreds of new vulnerabilities are uncovered every week, putting devices and HDOs at risk of compromise.

Timesys offers development and security maintenance solutions that ensure your medical devices running embedded Linux are launched with the most secure software components and that they can be kept secure throughout their production lifecycles.

Secure By Design

Stay Secure

Timesys Vigiles
Secure By Design Solution

A custom Yocto security feature meta-layer developed by Timesys and delivered with supporting services to accelerate and simplify an MDM’s implementation of:

  • Secure boot and chain of trust
  • Encrypted storage
  • Secure firmware updates
  • Device security hardening: Bootloader, kernel and user space
  • Protected hardware ports: JTAG, serial
  • Secure world/trusted software development (e.g.: OP-TEE software)
  • Tamper protection
  • Key and certificate management
  • Industry security standard compliance

Timesys Vigiles Vulnerability Management Solution

Software-as-a-service toolset developed by Timesys to provide:

  • Embedded Linux security maintenance tools for your developers
  • Automatic generation of an accurate Software Bill of Materials (SBOM) for medical devices running embedded Linux
  • Accurate vulnerability detection with SBOM filtering
  • Integration with Yocto, Buildroot, Timesys Factory build systems
  • Accurate, curated meta-data on software components for higher rates of vulnerability identification and accuracy, with fewer false positives
  • Streamlined remediation of vulnerabilities with efficient collaboration

BSP Lifecycle Maintenance

Our turnkey BSP Lifecycle Maintenance Service bringing our team of embedded system software experts to manage all aspects of maintaining the OS of your embedded Linux BSPs. We take care of:

  • Monitoring and applying updates and patches, validating changes and providing you with reports on status
  • Maintaining the strongest security posture throughout device deployment
  • Providing you with ready-to-deploy platform updates

Streamline and simplify compliance with medical device security standards and regulations

  • FDA Guidance (FDA-2018-D-3443) for Premarket submissions, such as 510(k):
    • Cybersecurity measures during the design and development of medical devices
    • Identification of assets, threats, and vulnerabilities
    • Assessment of the impact of threats and vulnerabilities on device functionality and end users/patients
    • Likelihood of a threat and of a vulnerability being exploited
  • FDA Guidance (FDA-2015-D-5105) for Postmarket Management of Cybersecurity:
    • Monitoring cybersecurity information sources
    • Maintaining robust software lifecycle processes
    • Understanding, assessing and detecting presence and impact of a vulnerability
    • Establishing and communicating processes for vulnerability intake and handling
    • Using threat modeling
    • Adopting a coordinated vulnerability disclosure policy and practice
    • Deploying mitigations that address cybersecurity risk early and prior to exploitation
  • NEMA Requirements for Manufacturer Disclosure Statement for Medical Device Security:
    • Simplify meeting the new MDS2 disclosure requirements for device security
    • Generate a Software Bill of Materials (SBOM) and provide a process to update it as specified in MDS2
    • Implement device hardening, security updates, remote updates, security of third-party components and other cybersecurity controls specified in MDS2
  • IEC 62304: Software Life Cycle Processes
    • Processes for managing medical device software risks, maintenance and trouble resolution
    • Identify and manage cybersecurity risks for Software of Unknown Provenance (SOUP)

See how Timesys has helped MDMs bring products to market faster, with higher quality, and with stronger security

Case Study: Medical device manufacturer maintains strong product security with Timesys

A leading manufacturer of medical devices wanted to ensure its product line, which featured an NXP i.MX 6 processor based Advantech Qseven module, was kept updated, in sync and secure throughout its development and release. See how Timesys helped the company efficiently manage its product software security and updates throughout the product lifecycle.
View

down arrow

Timesys provides solutions to the “Top 30” MDMs, helping them build FDA Class I, II, and III devices for a broad array of medical needs. Timesys’ Software Engineering Services excel in addressing remote mobile access, networked devices, and integrated systems — from the BSP to the App and UI. Furthermore, Timesys’ Development Environment both directly and indirectly supports FDA certification requirements, which include: build repeatability, documentation, source origin, test reports based on automated regression testing, ongoing security vulnerability notification and patches, and OS maintenance.

Have a project you’d like to discuss?

Request Free Consultation