Original Post from InfoSecurity Magazine
Royal Philips Scores a Cybersecurity First
Health technology company Royal Philips has become the first medical device manufacturer to receive a new product cybersecurity testing certification.
The certification—catchily titled UL IEC 62304—was created by independent global safety certification and testing nonprofit company Underwriters Laboratories (UL).
The aim of the new certification is to provide an overall framework to evaluate the maturity and robustness of a medical device manufacturer’s cybersecurity controls. It also assesses the company’s capabilities for product development.
“To receive this certification from Underwriters Laboratories, a long-established global leader in standards creation and safety testing, is a strong validation of our program and an opportunity to advance healthcare and personal health product security even further,” said Michael McNeil, global product security & services officer at Royal Philips.
The UL certification combines security principles from international standards (ISO 13485 and ISO 14971) with cybersecurity testing elements of the established UL 2900-2-1 standard for Software Cybersecurity for Network-Connectable Products, which focuses specifically on the demanding requirements of healthcare and wellness systems.
Dutch company Royal Philips was founded as Philips & Co. back in 1891 to manufacture incandescent lamps and other electrical products. Like the company’s global reputation for manufacturing light bulbs, McNeil said being the first medical device manufacturer to earn the certification was not something that was achieved overnight.
“We’ve spent years building a successful and effective end-to-end Security by Design program, embedding security principles and best practices throughout a product’s life cycle,” McNeil said.
To gain the certification, Royal Philips underwent an audit, during which their core product security processes were reviewed and verified. UL researchers examined the company’s security risk management and risk control measures, software security verification planning, change management and continuous improvement, and Philips’ laboratory quality management system.
McNeil said that cybersecurity was something that the public expects medical device manufacturers to take seriously.
He said: “At Philips, we understand that our customers have high and growing expectations for the security of the solutions that they rely on. In addition, global regulatory authorities have also increased the scope and scale of product cybersecurity compliance requirements to help protect patients and consumers. We look forward to continuing to meet these critical commitments.”
Go to Source