Today’s medical device manufacturers are pairing mobile applications with medical devices to optimize patient care, data collection, and reporting. Connected digital health apps run on patient mobile devices and handle ePHI (electronic protected health information), which makes them vulnerable to any number of application- and device-based threats.
Zimperium’s Mobile Application Protection Suite (MAPS) helps medical device manufacturers build secure, FDA-compliant mobile applications. It is the only unified solution that supports connected medical device and app security with centralized threat visibility and response.
- zScan: Identify security and compliance risks during the development phase
- zDefend: Gain runtime threat visibility and self-defense capabilities
- zKeyBox: Safeguard cryptographic keys used to encrypt and decrypt data across all platforms
- zShield: Harden and protect your code and intellectual property (IP) with obfuscation and anti-tampering capabilities
Our unified mobile security platform identifies risk across the app lifecycle, helping you ensure the integrity of connected medical devices and apps, maintain compliance with key regulators, and protect your brand.
Meet Pre-Market & Post-Market Safety Standards
In order to receive and maintain FDA approval, or a CE Mark from EMA, application teams supporting connected medical devices and apps must identify and mitigate cybersecurity vulnerabilities during development cycles.
zScan allows you to integrate mobile app security scans into your CI/CD (continuous integration/continuous delivery) workflows, so you can automatically identify vulnerabilities throughout the development process.
- Identify mobile app security risks without delaying the development lifecycle
- Mitigate compliance risks related to business-critical regulatory entities like the FDA, PCI, HIPAA and GDPR
- Make it easy to track findings with DevOps and ticketing system integrations
Provide Security Gap Coverage
Due to the lengthy release process for connected medical devices and apps, any static security designs for the mobile app are typically outdated by the time the app reaches the market. Once the app is released and being used by patients, it’s up to those individuals to keep their devices patched.
With zDefend embedded, the app can actively detect advanced threats like zero-day exploits and malware at runtime to ensure the application stays ahead of evolving mobile threats.
- Protect patient devices from dangerous malfunctions, fraud, and medical data theft
- Leverage machine learning to identify abnormal behavior associated with phishing and malware attacks
- Access real-time threat telemetry related to security and compliance risk
This will be a critical step in meeting the post-market cybersecurity guidelines outlined in Section 524B of the FDA Omnibus Appropriations Act.
Safeguard Sensitive Data and Secrets
Digital health apps process sensitive patient information and performance data on personal devices. When a device is compromised, traditional encryption exposes cryptographic keys in memory, and hardware keystores are no longer secure.
zKeyBox uses white box cryptography to ensure that keys cannot be extracted — even if a device is jailbroken or rooted. With zKeyBox, your keys are safe when stored, in transit, and in use.
- Keep your keys safe at all times, even on compromised devices
- Protect any cryptographic algorithm such as AES, 3DES, RSA, ECC, HMAC, or custom algorithms
- Replace standard cryptographic libraries using a simple plug-and-play integration
Protect Your Intellectual Property
Medical device manufacturers operate in highly competitive environments across multiple countries, making it almost impossible to ensure copyright and IP protection.
zShield uses mobile app obfuscation to protect apps from reverse engineering and tampering.
- Stop malicious actors from discerning source code, repackaging apps with malware, or building clone apps
- Gain continuous visibility into tampering attempts and automatically defend against efforts to alter your code
- Protect apps across patient and provider devices and IoT ecosystems