Cybersecurity
An Essential Priority within the Mindray Patient Monitoring Network
The digitalsation of healthcare is here! From Electronic Patient Records (EPRs) to millions of connected medical devices, the flow of patient information is increasing exponentially. But, with so much data transmission comes a greater vulnerability to cybercrime and there is growing concern about cybersecurity in the healthcare sector.
To ensure the security of hospital and patient information, medical devices must be designed, implemented and tested to high standards of data transmission and storage. They also need to be installed, configured, maintained and operated as intended. As an active member of the medical community, Mindray is dedicated to helping our customers improve the security of patient data while ensuring medical staff can access the data they need quickly and efficiently.
Mindray builds close partnerships with our customers to help them adopt and implement IT strategies and tactics that will proactively mitigate cybersecurity risk. Cybersecurity and PHI (Protected Health Information) are the key focus of Mindray's patient monitoring solutions.
With Defense-in-Depth at the core of Mindray’s cybersecurity strategy, our strategy encompasses three aspects: Endpoint Security, Patient Privacy and Security by Design.
Mindray has received the ISO/IEC 27001:2013 certification for its information security management system (ISMS) across the entire European business.
ISO/IEC 27001:2013 is one of the most well-known international standards to manage information security. It provides a framework to help organisations manage information security risks, protect themselves from threats, and keep assets secure, such as financial information and employee data. These standards can also help businesses meet legislative and regulatory requirements, such as the General Data Protection Regulation (GDPR).
Information security of our customers, business partners and staff members is at the heart of our Mindray business. As a partner in your operations and on the treatment journeys of the patients we want to provide a valid reason to put your trust in Mindray.
Endpoint Security
Endpoint security aims to minimise the threats of unauthorised access through devices such as laptops, workstations, mobile and bedside medical devices.
This is done through segmenting the network, eliminating unnecessary pathways and restricting access to communications on the network. Locking down and securing these medical devices is the definitive component of Mindray's endpoint security.
Patient Privacy
Mindray’s approaches to protecting PHI and personal identifying information (PII) incorporates secure encryption, password management and secure data deletion:
- User access controls
- Customised screen and report configurations to support patient confidentiality.
- Logs with PHI and / or PII are encrypted to protect patient information.
These strategies continue to prove effective in supporting patient privacy.
Secure by Design
From the outset of our product development, security risk management, security design practices, and security code analysis are critical. Rigorous fuzz and penetration testing are used to ensure our software applications and systems are robust enough for the real world.
Security by design continues well beyond product release; Mindray continuously evaluates patches and security updates to ensure product security over time.
Mindray’s Cybersecurity Advisories
Mindray's continuous improvement process assesses the impact of Microsoft Windows updates on a monthly basis. Typically, the release of a validated patch occurs within two weeks of the Mircrosoft Windows patch release.
While developing the patch we validate that the latest version of Mindray products can perform to specification with the applicable patches applied to the OS.
Below you'll find technical notes regarding security patches for Mindray products running on Windows. It is recommended that the applicable patches defined in the table should be installed on the affected Mindray products.
For important system vulnerabilities, Mindray will assess the impact on the product and release the affected statement and corresponding solutions.
