Product cybersecurity

A holistic approach to managing product cybersecurity — from initial product design and development to optimization throughout the lifecycle of your equipment.
At a glance

Secure by design

We define the appropriate risk-based design inputs early in the development process

Security controls

We create a customized set of security controls based on intended use and likely threats

Lifecycle management

We rigorously monitor threats and vulnerabilities and provide patches when needed

Continuity protection

We help ensure peak performance, ongoing updates and upgrades

As a leading provider of medical technology worldwide, we are committed to helping providers prioritize patient safety and enhance the security of the healthcare system.

We embed cybersecurity practices across every phase of our business operations, including product development, maintenance and support. Our dedicated programs are thoughtfully designed, precisely measured, and consistently applied throughout the product lifecycle — resulting in an approach that is suitable, effective, and focused on managing risks.
Here’s how it’s done

Secure product development

Our Design Engineering Privacy and Security (DEPS) process follows a rigorous set of principles through all stages of product development, testing, and preparation for the market.

Design phase

During early development, we determine product architecture based on function, intended use and environment.

Threat assessment

We perform threat assessment using industry-standard threat models that are specifically tailored to the product’s clinical environment.

Security and management

Throughout the development process, control implementation is continually monitored and controlled.

Final development stages

We perform manual review, vulnerability scans, static and dynamic code analysis and several phases of internal and external penetration testing.

Address findings

Assessment findings are reviewed and fully addressed prior to release, or in the case of very low risks, are documented and accepted.

Formal documentation

Prior to product release, we create documents that describe deployment-related controls for the customer to implement.

Secured by design

To help prevent breaches, we design products to minimize vulnerabilities.

Minimal software footprint

Limits potential vulnerabilities by reducing the number of installed applications

Device whitelisting

Integrated firewall allows connections only to approved devices

Built-in antivirus

Helps to provide robust protection against external threats

Ongoing patch management

Regular security updates with minimal disruptions to workflow
Peace of mind

Helping to provide security throughout the lifecycle

In today’s world, technology changes at a rapid rate. Keeping up with security can be hard to manage and budget for. We make it easy to stay current from day one of your purchase.

Continuity programs

Our various Continuity™ offerings can help you stay ahead of system obsolescence, thereby helping to mitigate cybersecurity threats, by providing access to expert managed updates and upgrades that become commercially available during the term of your Continuity agreement.*

Related offerings

 

Skeye™ Cybersecurity

Regardless of manufacturer, Skeye provides active monitoring across networked medical device endpoints.

 

Product Security Portal

Access critical cybersecurity updates and advisories that impact your equipment and systems.

 

Medical Technology Advanced Systems

Designed to create a unified plan for all the medical technology across your health system.

 

GE HealthCare Services

Comprehensive care for equipment that empowers patient outcomes today and tomorrow.**

Resources and downloads

 

Our commitment to cybersecurity

At GE HealthCare, we'll never stop working to help keep you protected.

 

Our commitment to protecting customer data

At GE HealthCare, we strive to protect customer data with the appropriate technical and organizational measures.

 

Global Information Security Management

Our Global Information Security Management System is globally certified according to ISO 27001, 27018 and 27701 standards.

Disclaimers
* The terms of a specific Continuity agreement, including applicable updates and upgrades, are as stated in the terms and conditions for the agreement.

**Scope of service entitlements are as stated in your service agreement.
References
  1. Stern Security. (2024, September). 2024 Velocity Healthcare Breach Report.
    https://www.sternsecurity.com/wp-content/uploads/2024/09/2024-Velocity-Healthcare-Breach-Report.pdf
  2. I.S. Partners, LLC. (n.d.). 25+ Healthcare Cybersecurity Statistics [Updated for 2024].
    https://www.ispartnersllc.com/blog/healthcare-cybersecurity-statistics/
  3. Healthcare Financial Management Association (HFMA). (2024, April 25). How ransomware attacks are driving up healthcare costs.
    https://www.hfma.org/fast-finance/ransomware-attacks-healthcare-costs/
  4. IBM Security. (2024). Cost of a Data Breach Report 2024.
    https://www.ibm.com/downloads/documents/us-en/107a02e94948f4ec

Discuss your cybersecurity challenges with an expert today.

JB35071XX