, , ,

How can we help?

Over the last 10 years we have spent a lot of time researching cybersecurity vulnerabilities for medical devices. In that time we have seen several themes arise again and again; information is highly fragmentary, if it can be found at all, and it is poorly cross-referenced. Even our good friends to the South have not managed to compile a good, centralized store of cybersecurity information as it relates to medical technology. There are many good sources; the FDA, CISA, HHS, DHS (and many more 3-letter acronyms) but none, that we have found, put all the information in one usable and easily digestible location and format.

Our Goal

Cy4Med.ca hopes to help with fill that void. We have gathered cybersecurity vulnerability information from all over the internet and currently use in excess of 100 sources to concentrate that information. We then do our best to cross-reference the data to allow you to have all the information in one place. Our database has vulnerability information from over 85 medical device vendors, covers 1100+ CVE’s for over 1000 vulnerabilities specific to medical devices. We can tell you if a CVE impacting a medical device is being exploited in the wild to help you prioritize your limited time and resources. We also access and display an algorithm that provides a probability that a vulnerability is going to be exploited in the next 30 days.

Some things to consider

Want to know how many medical device vendors have issued a response or guidance to Ripple 20 (oddly enough our database shows 20)? Or, do you have a lot of Baxter infusion pumps and would like to see a list of vulnerabilities for Baxter (in excess of 10). Our database can help make your investigation faster and more efficient and provides links, where they exist, to vendor resources to help guide your remediation/mitigation work.

As of July 2023 here is some information on our database…

300+

Vendor Alerts not referenced in other sources

100+

Sources searched

200+

Medical device related CVE’s that have known exploits

So…. sounds good. How do I get access?

Currently the database exists but is only accessible by SQL queries directly on the database. Our next order of business after getting our site up and running and the document library online is to work out the best front-end for our database. The goal is to have it online for end of 2023.

Membership has its privileges

Site members get early beta-access and offered reduced membership fees as early adopters so please join our community and help contribute. Our goal is to continue and improve usability for everyone so if you have any ideas that you think would improve Cy4Med.ca please feel free to reach out – we’d love to hear from you.

We’re more than just a database

We have more to offer than just our vulnerability database. We have an extensive library of reference material to assist you.

Join us and get access to all we have to offer.

We offer a comprehensive list of services with different membership levels. Find what’s right for you.

Leave a Reply