CREST Accredited Penetration Testing

CREST Penetration Testing

Expert CREST-accredited penetration testing for digital health, defence, robotics, AI platforms, SaMD, and critical business systems. We deliver bespoke security solutions that safeguard your technologies and help you meet tough regulatory and compliance standards.


Professional vulnerability assessment and security testing

Our CREST certified penetration testing services help identify security vulnerabilities before malicious actors can exploit them. We simulate real-world attacks to strengthen your defenses and protect your critical systems and data.

 

CREST Certified Excellence

Our penetration testers are CREST certified, ensuring the highest standards of professional testing methodologies and ethical practices.

 

Management-grade Reporting

Detailed reports with clear risk ratings, evidence and actionable remediation guidance tailored for technical and executive audiences.

 

Medical Device Expertise

Specialist testing aligned to IEC TR 60601-4-5:2021, EUMDR, IEC 62304 and MDCG 2021-5 Rev.1 for healthcare environments.

 

Physical Security Testing

Assess access control, surveillance and on-site defenses with targeted physical intrusion testing and practical improvements.

 

Ensuring Security Through Penetration Testing

Our penetration testing is customisable to fit the specific needs and requirements of digital health organisations, which makes it a valuable tool to identify and mitigate vulnerabilities in your computer systems, networks, and web applications.

Leading Testers

Our penetration testing services provide comprehensive assessments for business, digital health and medical devices to identify and address potential security risks.

Tailored Solutions

We offer customised penetration testing solutions to meet the unique needs of digital health organisations. We meet standards such as FDA, EUMDR and more.

Medical Device Pen-testing

How It Works

1. Book a call

Everyone is different, and so are digital health companies. It’s important that we have some time to understand exactly what you need so that we can advise you accordingly.

2. Planning Process

Our expert team carefully plans the penetration testing process to identify vulnerabilities. We’ll book an initial call to understand your system in more detail and agree the scope.

3. Execution Phase

We execute comprehensive penetration tests to exploit vulnerabilities and assess their impact. During this phase we add value by aligning to standards such as FDA, EUMDR, 81001-5-1, and MDCG 2021-5 Rev.1.

4. Reporting and Recommendations

We provide detailed reports and recommendations through our platform to help you strengthen your digital health security. A follow-up session walks through the findings in clear, practical terms.

5. Continuous Improvement

We help implement security measures and ensure ongoing protection for your product and business systems. For medical devices, we can deliver findings in a hazard format aligned with EUMDR and IEC 62304.

Medical Device Security

Benefits of Penetration Testing for Medical Devices & SaMD

Comprehensive cybersecurity testing for medical devices, Software as Medical Device (SaMD), and healthcare systems to ensure patient safety, regulatory compliance, and data protection.


FDA & EU MDR Compliance

Meet FDA cybersecurity guidance and EU MDR requirements with comprehensive penetration testing that addresses IEC 62304, IEC TR 60601-4-5:2021, and MDCG 2021-5 Rev.1 standards for medical device cybersecurity.


Patient Safety & Data Protection

Protect patient health information (PHI) and ensure medical device functionality cannot be compromised by cyberattacks. Identify vulnerabilities that could impact patient care or expose sensitive healthcare data.


Software as Medical Device (SaMD) Testing

Specialized penetration testing for SaMD applications, mobile health apps, and cloud-based medical software. Ensure your digital therapeutics and diagnostic software meet cybersecurity requirements.


ISO 14971 Risk Management

Integrate cybersecurity risk assessment into your ISO 14971 risk management process. Identify, analyze, and mitigate security risks throughout the medical device lifecycle.


Faster Market Access & Approval

Accelerate FDA 510(k) submissions and CE marking processes with comprehensive cybersecurity documentation. Demonstrate proactive security measures to regulatory bodies.


IoMT & Connected Device Security

Secure Internet of Medical Things (IoMT) devices, wearables, and connected medical equipment. Test network communications, device authentication, and data transmission security.

Specialised Medical Device Testing Areas

Medical Device Categories

  • Implantable cardiac devices (pacemakers, ICDs)
  • Insulin pumps and continuous glucose monitors
  • MRI machines and imaging equipment
  • Ventilators and life support systems
  • Surgical robots and navigation systems

SaMD & Digital Health

  • Mobile health (mHealth) applications
  • AI-powered diagnostic software
  • Digital therapeutics (DTx) platforms
  • Telemedicine and remote monitoring
  • Clinical decision support systems

Regulatory Standards & Guidelines Covered

  • FDA Guidance: Cybersecurity in Medical Devices
  • EU MDR: European Medical Device Regulation
  • IEC 62304: Medical Device Software
  • ISO 14971: Risk Management

Secure Your Medical Devices Today

Get expert penetration testing for your medical devices and SaMD applications. Ensure patient safety, regulatory compliance, and cybersecurity resilience.

Penetration Testing Solutions

We offer various types of Penetration Testing services, including Network Penetration Testing, Web Application Penetration Testing, and Mobile Application Penetration Testing.

What is Medical Device Security Testing?

Medical device security testing can be done in many ways, either as part of your development lifecycle in line with IEC 62304, or through a traditional penetration test. The challenge with generic penetration testing is that it may not cover all of the aspects that you would expect to see for your medical device. For example, integrity is a big part of medical device security, and penetration tests often miss this as they focus on the OWASP Top 10 only. We perform our penetration tests in line with medical device security standards such as IEC TR 60601-4-5:2021.

What is Web Application Penetration Testing?

Web Application Penetration Testing is the process of evaluating the security of a web application by identifying vulnerabilities that could be exploited by attackers. It helps ensure that the application is secure against potential threats.

What is Mobile Application Penetration Testing?

Mobile Application Penetration Testing involves assessing the security of mobile applications to identify vulnerabilities that could be exploited by attackers. It helps ensure that the application is secure and protects user data.

What are the benefits?

Penetration Testing helps identify potential vulnerabilities in your digital infrastructure, allowing you to proactively address them before they can be exploited by attackers. It helps protect your sensitive data and ensures the security of your systems.

What penetration test do I need for my medical device?

The type of penetration test you need depends on the specific device, its connectivity, and the potential risks it faces. At Periculo, we offer tailored assessments based on factors such as network interfaces, data sensitivity, and regulatory requirements. Common tests include wireless, software, and hardware security evaluations. Our experts will work with you to determine the most appropriate test to safeguard your medical device against potential threats and ensure compliance with industry standards.

How long does Penetration Testing take?

The duration of Penetration Testing depends on the scope and complexity of the project. It can range from a few days to several weeks. Our team will work closely with you to determine the appropriate timeframe for your specific requirements.

What deliverables can I expect?

After completing the Penetration Testing, you will receive a comprehensive report detailing the vulnerabilities identified, along with recommendations for remediation. Our team will also provide ongoing support to help you address any security issues. For medical device security testing, we will provide you with a table of hazards considering the standards and requirements that you choose, for example: IEC TR 60601-4-5:2021, EUMDR, IEC 62304 and MDCG 2021-5 Rev.1.

What are the costs?

The cost of Penetration Testing varies depending on the scope and complexity of the project. We offer competitive pricing tailored to your specific requirements. Contact us for a detailed quote.

What is penetration testing for medical devices?

Penetration testing for medical devices involves assessing the security of connected medical equipment to identify potential vulnerabilities that could be exploited by cyberattacks. At Periculo, we simulate real-world threats to ensure that your devices are resilient to breaches, protecting patient data and the integrity of your systems. This is crucial for maintaining both compliance and patient safety in healthcare environments.

Do you perform Physical Penetration Testing?

Yes, we can conduct physical penetration testing. We simulate real-world intrusions to identify vulnerabilities in your physical defences, such as access controls and surveillance. Our detailed assessments help you strengthen your security measures and protect against unauthorised access.

How can I get started?

To get started with our Penetration Testing services, simply contact us to discuss your requirements. Our team will guide you through the process and provide you with a tailored solution to meet your security needs.

Penetration Testing - The Compliance Platform

Simplify Your Penetration Testing Journey

Keep all your security documentation in one place with our powerful compliance platform. Streamline processes, track progress, and maintain audit readiness.

Reporting Through Our Compliance Platform

 

Streamlined Report Delivery & Management

Your CREST penetration testing reports are automatically delivered through our secure Harpe compliance platform, providing you with instant access, progress tracking, and integrated remediation management.

 

  • Instant report delivery upon completion
  • Interactive vulnerability tracking dashboard
  • Automated remediation task management
  • Secure document storage and sharing

 

Penetration Test Report

CREST Certified Assessment

Status: Complete

Vulnerability Summary: 2 Critical, 5 Medium

Remediation Tasks

  • Update SSL certificate configuration
  • Implement input validation
  • Review access permissions

Platform Benefits for Penetration Testing

 

Real-Time Progress

Track testing progress and receive updates as vulnerabilities are identified and verified.

 

Compliance Ready

Generate compliance reports and evidence packages for audits and regulatory requirements.

"The report they provided was incredibly thorough, with a detailed breakdown of the IEC-60601 requirements, clearly identifying the results of each section.

Their findings were instrumental in our FDA submission, giving us solid, trusted evidence to support our application.

Highly recommend this team for any medical device security needs."

Enrica Rumiato

iCare