
Sterling Medical Devices’ Cybersecurity Expert, Keith Handler, Interviews with Lee Neubecker of Enigma Forensics in a 3-part series on Cybersecurity in Medical Devices

Author: Dan Sterling | Date: April 3, 2020

Our Cybersecurity Expert, Keith Handler, provides insight into the challenges that medical device developers and manufacturers face today. Cybersecurity regulations and preventative measures are the focus in the 3-part series with Enigma Forensics.

Medical Device Security

As an ISO 13485 certified medical device development company, Sterling Medical Devices always makes safety a top priority.
“Sterling Medical Devices is a 13485 certified product development firm. We help various companies design and develop electro-mechanical medical devices. Pretty much from, anything from concept to submission to the FDA.”

To ensure the proper functioning of the devices and the safety of patients and anyone who may interact with the devices, Sterling rigorously follows specific guidelines. Keeping Patient Health Information (PHI) confidential becomes a significant challenge when a hospital system integrates the medical information.

“We may have control over the confidentiality of the information and of the commands that are sent and received within a device, but as soon as we connect to an external system, we lose control of that data.”

At Sterling, the company works hard to address these challenges and to provide guidance and assistance throughout the medical device development process.

In line with the company’s practice of prioritizing safety, Sterling Medical Devices considers different encryption options when evaluating medical devices. Embedded medical devices add complexity here: they usually ship as low-powered devices with limited storage space and limited capabilities, which reduces the encryption options available. Where possible despite these limits, Sterling uses hardware encryption chips to secure the sensitive information on these devices. If not, they rely on embedded libraries with FIPS 140-2 certification.

FDA Cyber Regulations

At a glance, one wouldn’t expect the FDA to have cybersecurity concerns. However, since most medical devices these days have some form of internet connectivity, one can easily understand why the FDA is scratching its head over cybersecurity.

Wanting to keep up with these threats, the FDA has issued guidance in an attempt to categorize cybersecurity risks in medical devices. They have also outlined basic standards to follow in designing, testing, and documenting processes for developing devices. That guidance is currently how Sterling Medical Devices implements most of its analysis processes and controls.

The FDA has chosen to recognize specific certifications, such as UL 2100-1-2, a certification for network-connected systems. Additionally, medical devices can follow AAMI TIR57 guidelines to manage potential risks. TIR57 is a guideline that helps medical device manufacturers and developers create a cybersecurity risk management process for their devices. “AAMI TIR57 describes how to marry up the processes of medical safety risk analysis and security analysis.” The primary goal of AAMI TIR57 is to categorize the protected assets within the system and the known vulnerabilities, and to create a list of attack vectors. With this information, one should be able to identify the real risks and create a plan to protect against them, starting from the ground up.

Preventative Measures

Keeping medical devices safe, as mentioned earlier, is the primary concern of medical device manufacturers and developers. It’s important to know what measures to take to ensure device safety.

“Hospital healthcare providers need to be making sure that they are up-to-date with the manufacture of all of their devices, that they are keeping apprised of any kind of recalls or anything like that. Manufacturers, the people that we typically deal with, product developers, their responsibility is to maintain a bill-of-materials, a cyber bill-of-materials; their libraries, their encryption circuits, make sure that they’re tracking the versions and things like that so that when a company has a vulnerability exposed, they can become aware and make updates and push them, software especially, as fast as possible.”
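The version tracking described in the quote above is what lets a manufacturer answer "which devices ship the affected library?" when an advisory lands. The following is an added example, not code from Sterling or the interview; the device names, component names, and advisory range are constructed, and it assumes purely numeric dotted versions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Component is one cyber bill-of-materials entry: a part and its tracked version.
type Component struct{ Device, Name, Version string }
// Advisory marks versions of Name in the range [Introduced, Fixed) as vulnerable.
type Advisory struct{ Name, Introduced, Fixed string }

// part returns the i-th numeric field of a split version, or 0 when absent.
// Non-numeric fields also count as 0 in this simplified example.
func part(f []string, i int) int {
	if i >= len(f) {
		return 0
	}
	n, _ := strconv.Atoi(f[i])
	return n
}

// older reports a < b field by field as numbers, so 2.9 < 2.16
// (a plain string comparison would get this wrong).
func older(a, b string) bool {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) || i < len(bs); i++ {
		if x, y := part(as, i), part(bs, i); x != y {
			return x < y
		}
	}
	return false
}

// Affected lists the devices whose CBOM holds a version the advisory covers.
func Affected(cbom []Component, adv Advisory) []string {
	var hits []string
	for _, c := range cbom {
		if c.Name == adv.Name && !older(c.Version, adv.Introduced) && older(c.Version, adv.Fixed) {
			hits = append(hits, c.Device+" ("+c.Name+" "+c.Version+")")
		}
	}
	return hits
}

func main() {
	// Constructed sample CBOM and advisory; none of these names are real products.
	cbom := []Component{{"pump-A", "examplecrypto", "2.9.0"}, {"pump-B", "examplecrypto", "2.16.4"}}
	fmt.Println(Affected(cbom, Advisory{"examplecrypto", "2.0", "2.16"}))
}
```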

The Federal Information Processing Standard (FIPS) 140-2 is the certification for encryption libraries; it proves them to be usable and certified for federal and medical systems. These libraries, along with hardware encryption chips, are reliable and performant. Here at Sterling, we use federally certified ones as a way to ensure we are up to date with current standards.

Another safety measure is to ensure that devices can tell whether firmware is authentic. Through “digital signing, signature verification, encrypting of that firmware package, devices can validate the authenticity of the firmware. That way we have a verification process in place to ensure that what we’ve got coming down is good.”
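The signing and verification steps described above can be shown end to end. This is an added example, not code from Sterling or the interview: the package layout is an assumption made for illustration, Ed25519 stands in for whatever signature scheme a real device uses, and the version check that refuses older firmware goes beyond what the interview mentions. Encryption of the package is not shown.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Layout assumed here: 4-byte big-endian version | image | 64-byte signature.
// The signature covers version and image together.
var (
	ErrTooShort = errors.New("package too short")
	ErrBadSig   = errors.New("signature verification failed")
	ErrRollback = errors.New("version not newer than installed firmware")
)

// BuildPackage is the manufacturer side: it signs version||image with the private key.
func BuildPackage(priv ed25519.PrivateKey, version uint32, image []byte) []byte {
	body := make([]byte, 4)
	binary.BigEndian.PutUint32(body, version)
	body = append(body, image...)
	return append(body, ed25519.Sign(priv, body)...)
}

// VerifyPackage is the device side: it holds only the public key and returns
// the image only after the signature and the version have both been checked.
func VerifyPackage(pub ed25519.PublicKey, installed uint32, pkg []byte) ([]byte, error) {
	if len(pkg) < 4+ed25519.SignatureSize {
		return nil, ErrTooShort
	}
	split := len(pkg) - ed25519.SignatureSize
	body, sig := pkg[:split], pkg[split:]
	if !ed25519.Verify(pub, body, sig) { // authenticate before trusting any field
		return nil, ErrBadSig
	}
	if binary.BigEndian.Uint32(body[:4]) <= installed {
		return nil, ErrRollback
	}
	return body[4:], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed throwaway key pair
	pkg := BuildPackage(priv, 7, []byte("constructed firmware image"))
	_, err := VerifyPackage(pub, 6, pkg)
	fmt.Println("genuine package:", err)
	pkg[10] ^= 0x01 // a single bit changed after signing
	_, err = VerifyPackage(pub, 6, pkg)
	fmt.Println("tampered package:", err)
}
```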

As evolving technology shapes the medical device industry, more devices have internet connectivity. Connectivity brings the advantage of receiving security updates remotely, but also the disadvantage of new security vulnerabilities that may be unforeseen. The functionality of devices and the safety of patients depend on keeping up with regulations and following guidelines.

To view the interviews click on the links below:

Medical Device Security Challenges

FDA Cybersecurity Regulations: Medical Devices

Preventative Measures: Medical Devices
