ManufacturersMedigate Research Labs helps manufacturers deliver more secure products.
The Medigate Way
Coordinated Vulnerability Disclosure
We believe tighter cooperation between manufacturers and security researchers will improve product security. Our researches worked with leading manufacturers to disclose and mitigate vulnerabilities in various medical devices.
Read our whitepaper to learn more about our approach to coordinated vulnerability disclosure.
Medical devices are hard to secure. Many devices were not developed with security as a priority. They cannot be patched or updated regularly to ensure continuity of service. They often rely on outdated operating systems. They are low-hanging fruit for cyber attackers. And when a vulnerability is discovered and exploited, manufacturers can be damaged just as much as providers.
Medigate Research Labs studies numerous device vendors and proprietary device protocols and behaviors to compile our leading signature database and clinical alerts. We leverage our expertise and versatility to provide penetration testing services to manufacturers and improve their inherent security capabilities.
The Medigate Difference
Clinical Domain Expertise
Leading Working Standards
Philips and Medigate worked together to disclose and mitigate three vulnerabilities potentially putting Philips IntelliVue Patient Monitors, and Avalon Fetal/Maternal Monitors at risk of improper authentication, information exposure and stack-based buffer overflow. Medigate was entered into the Philips Hall of Honors.
Medigate identified and disclosed two vulnerabilities in Siemen’s RAPID- Lab® and RAPIDPoint® Blood Gas Analyzers. The first vulnerability allowed remote attackers with credentialed access to elevate privileges. Under the second vulnerability, a hardcoded password could allow attackers access to the device over port 5900/TCP. Medigate was entered into the Siemens Hall of Thanks.
Medigate identified cybersecurity vulnerabilities in Roche point-of-care handheld medical devices, including theAccu-Chek and CoaguChek. The vulnerability could enable attachers to gain unauthorized access and to execute commands on the operating system.