Keyfactor Control for Medical Devices
As medical technology and the need for mobility increases, keeping connected medical devices functioning and secure is a principal priority.

Securing data and devices

Evolution of medical technology is intended to improve the healthcare experience for patients, families and healthcare providers alike. However, the lack of a strong security posture contributes to the healthcare industry having the highest per-record data breach cost among all regulated industries.

Unlike any other industry, connectivity in healthcare is personal. Protecting patient data such as personally identifiable information (PII) and electronic health records (EHR), plus sustaining physical safety in-home or within a facility, all play equally important roles in the healthcare ecosystem.

While practitioners and healthcare organizations take an oath to “do no harm”, hackers do not.

Protecting patient data is critical – and device takeover is real. Medical devices are now connected over hospital networks – always live and always transmitting data. Open networks enable manufacturers to make remote updates to connected IoT devices around the world. But with this on-demand connectivity comes gaps in security.

As technology avails and evolves, many electronic medical devices will collect important patient data, and transmit that data over an open network.

This means that for device manufacturers, it’s no longer just about building great hardware – the device they’re making actually becomes defined by the software it’s running.

Keyfactor understands the intricacies of healthcare security operations, compliance concerns, and the importance of a digital security strategy. Keyfactor Control gives healthcare device manufacturers an efficient, end-to-end secure identity platform that thwarts dangers posed by a data breach, and the peril of device takeover.

Threats to Vital Medical Devices

Vulnerabilities in connected medical devices, such as pacemakers and infusion pumps, have led to a number of recalls and FDA warnings. In 2017, the US Food and Drug Administration (FDA) recalled 465,000 pacemakers after discovering security flaws that could allow hackers to drain device batteries or send malicious instructions to modify a patient’s heartbeat.

Creating a secure foundation at the start of manufacturing just makes good sense. It’s during the design phase where you want to incorporate cryptography, binding digital identity, so it’s inherent in the device. But it’s not just the medical device manufacturer who’s on the hook – the healthcare provider or hospital must also put an identity on the device that aligns with the original identity from the device manufacturer. This is where getting the keystore right is imperative. When the firmware is designed correctly, it becomes extensible to all those in the device ecosystem – so the hospital can communicate with the device, the patient’s caregiver can communicate with the device, and so on.



Most people believe the greatest security threat from connected pacemakers, insulin pumps and other devices is data hacking. However, the real risk is a more disruptive attack — one that changes how the device performs, or if it performs at all.

Next is the challenge of large-scale interoperability. Patient care facilities are overwhelmed with the number of devices that need access to their network, including the EMR provider. They often aren’t even aware of all the devices that have access – providing an easier opportunity for hackers to infiltrate medical devices and systems.


Additional security threats include:

  • Unauthorized access to devices
  • Corrupt device coding
  • Harm to a patient’s safety and health
  • Loss of protected health information
  • Stolen intellectual property

Healthcare IoT Security - At Scale

Scalable security is a key factor in ensuring your medical devices function within the manufacturer’s specifications. Firmware updates, driven by authentications are regularly necessary to ensure proper functionality and patient safety. When you own a medical product line, there’s nothing more meaningful, or more challenging than securing every product on a global scale. Whether it’s a controlled update, new certificate configuration, or an unexpected breach, it’s critical to stay on top of your entire device fleet.

Keyfactor Control makes it easy and affordable to embed the high-assurance secure identity in every step of the manufacturing and IoT device lifecycle. Through design, manufacturing, deployment, and ongoing management, Keyfactor Control provides the identity foundation you need to produce and sustain the most secure devices on the market.

With Keyfactor Control You Get:
Secure Code Signing

Signing firmware and software updates are a critical best practice to ensure that the software installed in your devices is genuine.

Installation and Identity Provisioning

Installation of Keyfactor Control and provisioning of a secure and unique identity during the device activation process.


Keyfactor Control empowers one-step automation of certificate and Root of Trust (RoT) management, and is available for embedded Android, and native-C for real-time operating systems.

Centralized Root of Trust Management

Certificates, key stores, and trust stores across all devices, applications, servers and services within the IoT ecosystem.

Extended Identity Attributes

Bind custom attributes to device identities without having to modify, revoke or reissue any certificate.

IoT Ecosystem Integration

APIs and plug-ins allow the IoT ecosystem to authenticate device identities, and enforce granular access control based on extended attributes.

Mass Scalability

Proven in environments of 500-million devices, running either on-premise, in the cloud, or in a custom architected hybrid mode.

Private and Public Certificate Authority

Includes a fully managed private PKI, and supports both internal certificate authorities as well as public issuers such as Certicom, DigiCert, and Entrust.


Incorporate encryption, authentication, and secure code signing within your IoT devices and applications using Keyfactor Control SDKs and APIs.