Philips Cybersecurity detection
and recovery services
Proactive monitoring of medical equipment for proper
security configuration and correcting known vulnerabilities
Technologies are employed to identify medical assets, monitor their security posture and, when necessary, remediate recognised issues
Philips Cybersecurity detection and recovery services are designed to proactively monitor and update your medical equipment security controls to mitigate vulnerabilities and reduce risk. Our teams support you in medical device security management by providing a comprehensive and consistent oversight of your systems’ security posture and the means by which to identify, prioritise and remedy non-compliance.
Often equipment with assumed security protections are not configured appropriately and can weaken the security posture. Philips identifies incidents with specific healthcare context, to avoid data overload, and then closes the loop with remediation efforts, allowing you to resume operations as soon as possible. This removes the burden of assigning in-house resources to address what is a very complex issue.
Benefits of detection and recovery
Philips Cybersecurity detection and recovery services are broken down into three distinct elements:
Philips Medical Device Monitoring
Philips Incident Response
Philips Incident Remediation
As with all elements in our portfolio of cybersecurity services, you may select the options that best suit your requirements.
Constant vigilance
Philips Cybersecurity Medical Device Monitoring
Philips Proactive security monitoring identifies security issues around antivirus, whitelisting, firewall, and OS patch level statuses for your connected medical equipment. Potential weaknesses are assessed and alerts are created on cybersecurity vulnerabilities. Recommendations for actionable alerts are provided and response and recovery efforts are triggered.
A device must be as protected as it possibly can be. Proactive monitoring checks to see if a device is up-to-date and configured correctly by focusing on three critical areas:
Case creation
Proactive monitoring
Status of the operating system –
Most cyberattacks happen due to a weakness in the operating system (i.e., MS BlueKeep access). Proactive monitoring checks the OS and flags those systems which require updates.
Status of the antivirus protection –
Antivirus software and definitions must be up-to-date to protect against the newest threats. This end point protection is critical to ensure proper whitelisting (explicit granting of access to applications).
Status of the firewall(s) –
Firewalls must be turned on and configured correctly to safeguard their intended devices and systems.
Rapid reaction
Philips Cybersecurity Incident Response
Case creation
Indication of a possible incident/event is received via the security monitoring system (or directly from the customer) and handled by the PSIRT (Product Security Incident Response Team). If the alert meets the criteria for an actionable response, it is logged into the system and a case is created.
Incident assessment & planning
PSIRT further assesses the incident and notifies the appropriate product security officer to be sure they are available to provide guidance to the remote service engineer/field service engineer should technical support be needed during the remediation process. A plan for the management of the incident is created.
Immediate handling
Some incidents require quick response and are handled within the hour. Others are prioritised based on severity and customer contract requirements. Every incident is investigated, resolved and closed as soon as possible.
Throughout the incident response process, your in-house Security Officer and BioMed lead(s) are kept notified of the progress. In addition, you have access to our online complaint system to follow each incident response step. The goal is to get the medical device back to proper operating mode ASAP.
