Product Cybersecurity

Seamless and continuous protection from day one
Alongside a dedicated team of medical device cybersecurity experts, GE Healthcare provides a holistic approach to managing product cybersecurity. From initial product design and development to optimization and maintenance throughout a device’s lifecycle, we help to ensure your medical devices are more secure so you can deliver patient care that is seamlessly connected and continuously protected.

  • Bringing threats to light

    The earlier we protect a device, the better we can help stop data breaches that can profoundly impact an organization’s productivity, finances, quality of care, and reputation.

Data
29 million records breached in 20201

Systems
82% of hospital tech experts reported a data breach in 20182

Workflow
Nearly 10 days of downtime per attack3

Cost
The average healthcare breach costs
$7 million to resolve4

Secure product development

Design Engineering Privacy and Security (DEPS) is our thorough secure product design and development process, following a rigorous set of principles that guide us through all stages of product development, testing, and preparation for the market.
GE Healthcare's secure product development process includes addressing findings, design phase, formal documentation, full threat assessment, quality management system checkpoints, and final development stages.

  • Address findings

    Assessment findings are reviewed by the cybersecurity team, and are either fully addressed prior to release, or in rare cases with lower associated risks any residual risk is formally risk-accepted and documented.

  • Design phase

    During early development, we determine what the product or solution architecture will be based on its intended function, how it will be used, and what environment it will operate in.

  • Formal documentation

    Prior to release to the market, documents are created to describe any deployment-related controls for the customer to implement. A standardized hand-off of residual risk is a formal part of this documentation.

  • Full threat assessment

    Performed based on initial design and operating environment using industry standard threat models that specifically tailored to the clinical environment in which a device operates.

  • Quality management system checkpoints

    Throughout the development process, control implementation is continuously monitored and controlled.

  • Final development stages

    Manual review, vulnerability scans, static and dynamic code analysis, and several phases of internal and external penetration testing are all performed to ensure full implementation and help secure our products throughout their lifecycle.

Security controls

Preventing breaches begins with building strong cybersecurity controls into our imaging devices and securing every new product by design the day it arrives at your hospital—protecting your organization from the very start. Here’s how we help prevent some of the most common cybersecurity risks.

Lifecycle management

  • Ongoing cybersecurity protection with Continuity

    Available as a separate purchasable option through your service contract, Continuity™ delivers ongoing operating system updates, system software upgrades, and cybersecurity patches to help ensure your devices stay current throughout their lifecycle.

Resources

Contact us to learn more

Discuss your cybersecurity challenges with a GE Healthcare expert today.

JB19247XX