Harbor Labs engineers are recognized in the healthcare industry as experts in networked medical device security and standards compliance, and have provided the cyberscience underlying many of the medical industry’s leading clinical products.
With extensive experience in a broad array of therapeutic, diagnostic and clinical systems, Harbor Labs staff are often integrated as the cyber component on client development teams, or provide independent cybersecurity QA as part of the release cycles of many of the industry’s leading medical device manufacturers.
By combining expert cyberscience with extensive experience in the clinical functions and common therapies of medical devices, Harbor Labs staff are the ideal go-to-market partner for medical device OEMs.
Harbor Labs provides cyber consulting in support of the FDA PMA and 510(k) certification process, often interacting directly with examiners on behalf of the medical device client to meet the security requirements necessary to certify a system. Our level of support varies based on the requirements of the client, ranging from a purely analytic role to more comprehensive architecture, engineering and remediation projects.
Harbor Labs conducts a thorough security review of all design documentation associated with the device’s firmware, communication protocols, topology, patch models, interfaces, access controls and cryptographic systems. The client is provided with comprehensive analytic review, formatted for regulatory submission and bearing the signatures of senior Harbor Labs staff.
A level beyond the basic security review, Harbor Labs’ experience with medical device firmware and common deployment models allows for the development of customized pen testing and exploitation analyses. Harbor Labs will conduct an exhaustive series of exploitations against the attack surface of the target system to determine any flaws, misconfigurations, weaknesses or vulnerabilities that might disqualify it from regulatory certification.
Harbor Labs is often engaged both premarket and postmarket to design and implement security solutions in response to regulatory and certification requirements. Whether in response to a postmarket vulnerability or as part of the initial premarket security design, Harbor Labs provides the cyberengineering consulting services necessary to ensure rapid authorization to take a product to market. Services include:
The UL-2900-2-1 standard has emerged as a critical certification in the global medical community, and is a requirement for selling into an increasing number of global medical markets. As US federal regulators and other international regulatory bodies have continued to adopt and advance this standard, it has become an essential differentiator for many of Harbor Labs’ clients.
Harbor Labs staff has worked with the UL-2900-2-1 standard since its inception, and can provide the engineering and documentation necessary not only to meet certification criteria, but to exceed them. Through a series of security assessments that combine static analysis, fuzzing, pen testing and reverse engineering, Harbor Labs can quickly assess a device’s eligibility for certification and significantly expedite the approval process. Where remediation is necessary, Harbor Labs engineers can provide the engineering necessary to meet certification criteria and eliminate costly delays associated with retesting.
As part of the UL-2900-2-1 assessment process, Harbor Labs will produce high-fidelity CVSS 2.0 and 3.0 scoring for any target device. This process includes assessment testing using proprietary Harbor Labs tool sets, operational and environmental analyses, and policy assessments, to produce a series of scores and a composite base score that will be used in the certification process.