Medical Device Security

See how an end-to-end IoT identity platform provides trusted medical device security for IoMT and emerging healthcare technologies.


From providing remote monitoring and medicine delivery, to accelerating the discharging of patients, to supporting telemedicine, the devices and technologies you develop are at the center of healthcare. The demand for trust in these technologies from HDOs, physicians, regulatory agencies, payors, and patients is driving device manufacturers to address security at the beginning of the manufacturing process. Because as the IoMT grows, the potential for medical device security lapses from release through use grows too.

The devices you produce gather precious data and connect to other devices and systems, often over open hospital networks. Unsecured connectivity presents significant gaps in security. This means that for device manufacturers like you, it’s no longer just about building great hardware – the device you’re producing actually becomes defined by the software it’s running and the network it’s running on.

To get ahead of medical device security issues post-deployment, creating a secure foundation as early as the design phase using digital identities just makes good sense. Unique identities minimize the opportunity for a device to be compromised because it will be programmed with a cryptographic key associated with that distinct identity. And when firmware is designed correctly, it extends to all who touch it – allowing all of your stakeholders to communicate with the device securely and with confidence.

Through design, manufacturing, deployment, and ongoing management, Keyfactor Command for IoT provides the identity foundation you need to produce and sustain the most secure medical devices on the market – giving you the freedom to design great products and the confidence that they’ll deploy and remain secure throughout their use.

  • Complete end-to-end lifecycle management for every certificate in your environment
  • Compatibility with any operating system
  • Remote operability for in-field updates and management
  • Scalable security at the time of manufacture – setting you apart from your competition
  • The capability for users to meet compliance requirements for HIPAA and other regulatory mandates
  • Variety of libraries to assist with provisioning and ease of PKI deployment


Vulnerabilities in connected medical devices, such as pacemakers and infusion pumps, have led to a number of recalls and FDA warnings. In 2017, the US Food and Drug Administration (FDA) recalled 465,000 pacemakers after discovering security flaws that could allow hackers to drain device batteries or send malicious instructions to modify a patient’s heartbeat.

Creating a secure foundation at the start of manufacturing just makes good sense. It’s during the design phase that you want to incorporate cryptography and bind a digital identity, so it’s inherent in the device. But it’s not just the medical device manufacturer who’s on the hook – the healthcare provider or hospital must also put an identity on the device that aligns with the original identity from the device manufacturer. This is where getting the keystore right is imperative. When the firmware is designed correctly, it becomes extensible to all those in the device ecosystem – so the hospital can communicate with the device, the patient’s caregiver can communicate with the device, and so on.


Most people believe the greatest security threat from connected pacemakers, insulin pumps and other devices is data exfiltration. However, the real risk is a more disruptive attack — one that changes how the device performs, or if it performs at all.

Next is the challenge of large-scale interoperability. Patient care facilities are overwhelmed with the number of devices that need access to their network, including the EMR provider. They often aren’t even aware of all the devices that have access – providing an easier opportunity for hackers to infiltrate medical devices and systems.

Additional security threats include:

  • Unauthorized access to devices
  • Corrupt device coding
  • Harm to a patient’s safety and health
  • Loss of protected health information
  • Stolen intellectual property


Keyfactor Control makes it easy and affordable to build in high-assurance security identity at every step of the IoMT device lifecycle.

Our team of experts works with you to design a framework that aligns to your specific needs and objectives – to meet your timelines and ensure easy implementation:

  • Provision a secure and unique identity for every device during activation
  • Bind custom attributes to device identities without having to modify, revoke or reissue any certificate
  • Centralized Root of Trust management of certificates, key stores, and trust stores across all devices, applications, servers, and services
  • Firmware signing & secure boot workflow
  • Available for embedded Android & native-C for real-time operating systems
  • Cloud-hosted with the option for On-Premise deployment
  • Time-tested SLAs with guaranteed response times
  • Superior support team proven by 97% customer retention rate & direct client feedback

With Keyfactor Command for IoT, you get:

Secure Code Signing

Signing firmware and software updates is a critical best practice to ensure that the software installed in your devices is genuine.

IoT Ecosystem Integration

APIs and plug-ins allow the IoT ecosystem to authenticate device identities, and enforce granular access control based on extended attributes.

Installation and Identity Provisioning

Installation of Keyfactor Command for IoT and provisioning of a secure and unique identity during the device activation process.

Mass Scalability

Proven in environments of 500-million devices, running either on-premise, in the cloud, or in a custom architected hybrid mode.

Private and Public Certificate Authority

Includes a fully managed private PKI, and supports both internal certificate authorities as well as public issuers such as Certicom, DigiCert, and Entrust.

Centralized Root of Trust Management

Certificates, key stores, and trust stores across all devices, applications, servers and services within the IoT ecosystem.


Incorporate encryption, authentication, and secure code signing within your IoT devices and applications using Keyfactor Command SDKs and APIs.

Extended Identity Attributes

Bind custom attributes to device identities without having to modify, revoke or reissue any certificate.

Find out how the Keyfactor platform can modernize your PKI, prevent certificate outages, accelerate DevOps security, and more.