Life Critical Identity for Medical Devices

Does Your Organization Have a Method For Securing Their Devices?

There are over 34 billion internet-connected devices in our homes, businesses, and institutions today. Analysts predict that number will climb to 50 billion by 2020. The Internet of Things (IoT) increasingly includes life-saving medical devices, like pacemakers, that empower healthcare professionals with more information than ever before.

Cybersecurity is paramount in IoT medical devices. The data captured by these devices can inform critical healthcare decisions — it must be secure, validated, and accessible only to authorized users. In addition to cybersecurity standards and regulations, these devices must comply with requirements to protect health information (such as HIPAA).

CMS VerdeTTo™ provides a platform on which organizations can build a dedicated, trusted IoT security system for medical devices. To meet your business's supply chain needs, CMS VerdeTTo™ has the ability to manufacture worldwide, allowing flexibility and cost-efficiency.

Based on strong identity and certificate management, CMS VerdeTTo™ delivers value across the entire lifecycle of an IoT medical device, from initial project design to end-user operation.

How CMS VerdeTTo™ Locks Down IoT Medical Device Security

  • Secure identity ensures that every action and interaction of the device occurs in a verifiable context.
  • Unique credentials for each device. With unique identity provisioning, each device can authenticate and transfer data securely. Data is non-repudiable.
  • Organization-specific Root of Trust (RoT). Eliminates the risk that comes with sharing a RoT.
  • Firmware and software code signing. Every device can receive trusted, verified updates to strengthen security on an ongoing basis.
  • Complete lifecycle management for certificates, keys and RoT. CMS VerdeTTo™ is a crypto-agile platform that allows for unlimited scalability.
  • Private key storage. Non-exportable keys are securely protected and generated on-device.
  • Flexible operating models. CMS VerdeTTo™ can operate on-premise or in the cloud, integrate with any public or private certificate authority, and be a fully managed PKI-as-a-service.


Security for IoT Medical Devices Across the Device Life Cycle

CMS VerdeTTo™ protects medical device security at all points in the device’s lifecycle.

  • Project design: CMS VerdeTTo™ establishes an identity framework and a chain of trust that ensures the device will do only what its designers intend. Integrating CMS VerdeTTo™ from the project outset makes it easier to manufacture, move, deploy, and use the device securely.
  • Manufacturing: Unique identity injected during manufacturing leverages on-device key integration and ERP integration to enable efficient device implementation.
  • Supply chain: Identity sets ownership and role assignment for each device, allowing for chain of custody verification and allowing the device to interface with authorized business systems.
  • Deployment: Device performs as intended according to its identity and role established in manufacturing.
  • Operation: Authenticated administration, code signing, and verification of secure code updates allow the device to remain crypto-agile as it communicates and reports data securely.


Implementing Cybersecurity for Medical Devices with CMS VerdeTTo


Using CMS VerdeTTo™ for medical device cybersecurity is a three-step process.


1. Installation at plant

  • Installing Agent
  • Generating Trusted Bootstrap Certificate
  • Configuring Identifiable Attributes

2. Customer activation/provisioning

  • Activating Agent
  • Authenticating with CMS VerdeTTo™
  • Generating new client certificates

3. Continuous management

  • Inventory discovery/management
  • Adding/Removing digital certificates
  • Reenrollment and revocation of digital certificates
  • Signing software and firmware
  • Data encryption and privacy control

CSS security solutions for Healthcare

Find out how to protect your devices, software, networks, providers, patients or clients before an issue occurs.