CyForMed.ca

Cybersecurity for Medical Devices


Comprehensive Vulnerability Database

One of the biggest challenges for vulnerability and alerts management in Biomedical Engineering is the lack of good information. Vendor resources can be good to non-existent and therefore you need to scour the vastness of the internet to gather all the needed information. This is time consuming and inefficient, especially when it needs to be done for every vulnerability and alert that you are trying to remediate or mitigate.

We feel your pain because we live it too! This was one of the big drivers for Cy4Med.ca – a centralized, collated, and cross-referenced database of medical device vulnerabilities. Soon you’ll be able to do all (or most) of your research in one location and have the information you need to tackle the cybersecurity vulnerabilities affecting your medical devices.

Some Stats about our database:

85+

Vendors

1100+

CVE’s

1000+

Medical Vulnerabilities

Want all the nerdy details?

Head on over to this post where we discuss the project in more detail and provide some sample data of what is in the database.

Knowledge Center

Latest Articles

What’s going on in the world of medical device cybersecurity as well as here at Cy4Med.ca We provide alert information and commentary as well as information on the latest in our industry to help you stay informed.

  • Orthanc Osimis DICOM Web Viewer

    Orthanc DICOM vulnerability

    Read more →

  • Medical Device vulnerabilities actively exploited in the wild.

    I came across an insightful article from 2022 during the holiday break, revealing that vulnerabilities in medical technology are actively exploited by advanced persistent threats (APTs). Our database highlights over 190 known vulnerabilities in medical devices, challenging the belief that our niche field in Biomedical Engineering is immune to cyber threats. This underscores the necessity…

    Read more →

  • CISA Urges End of Default Passwords

    CISA urges technology manufacturers to eliminate usage of default password. Implementation proactively eliminates known path of exploitation.

    Read more →