
Case Study CENTERVUE SPA Penetration Test

Author: Cory Volbrecht

Introduction:

When CENTERVUE SPA, a leading name in ophthalmic diagnostics, part of the Revenio Group and representing the brand iCare, sought to ensure the security of their cutting-edge fundus imaging medical device, they turned to Periculo for a comprehensive penetration test.

Headquartered in Italy, CENTERVUE SPA has built a reputation as a trusted partner for eye care professionals. Their innovative solutions, including automated fundus imaging systems and perimeters, support the diagnosis of critical conditions like glaucoma, diabetic retinopathy, and macular degeneration (AMD).

By investing in robust medical device security, iCare reaffirms their commitment to delivering both safety and quality in ophthalmic care.

Challenge:

iCare approached Periculo to conduct a penetration test on their confocal microperimetry device, a sophisticated medical device combining hardware and software components. The device features a retinal scanning digital camera integrated with a digital display, designed to aid in fundus imaging and perimetry.

The official scope outlined by the client detailed their need for a third-party cybersecurity assessment. Specifically, they sought a penetration test to evaluate the security of the embedded software within the device, which operates both as a standalone unit and when connected to hospital IT networks. The device also includes a cloud connection for licence-based non-medical software, further broadening the scope of security considerations.

In addition to the technical requirements, the client stipulated that the testing be aligned with FDA-recognised consensus standards, including IEC 80001-1, IEC 81001-5-1, and IEC/TR 60601-4-5.

The ultimate goal of the assessment was to provide robust evidence to support their application for US FDA approval, ensuring the device met the highest standards of medical device security and compliance.

Solution:

With a strong foundation in cybersecurity for the digital health industry, Periculo leveraged its expertise to meet iCare’s specific needs. Our team has extensive experience conducting penetration tests for both Software as a Medical Device (SaMD) solutions and physical medical devices, ensuring compliance with industry standards.

For this engagement, we carefully reviewed the latest version of IEC/TR 60601-4-5, the FDA-recognised guidance for penetration testing of medical devices. By aligning our assessment with the most up-to-date standards, we ensured the testing process met all necessary requirements for FDA submission.

This meticulous approach underscores Periculo’s commitment to delivering thorough, standards-based assessments that not only enhance medical device security but also support regulatory approval processes.

Implementation:

To carry out the penetration test, iCare arranged for the physical device to be securely shipped to Periculo’s on-site testing facility.

As the client was based in Italy, this required careful logistical coordination to ensure the device arrived safely and within the necessary timeframe. Upon receipt, our team conducted a detailed inspection to confirm the device’s condition, providing confidence in the integrity of the testing process.

Our assessment followed a rigorous methodology combining automated tools and manual testing techniques, aligned with the Penetration Testing Execution Standard (PTES), whilst also following our CREST-accredited penetration testing framework. This hybrid approach allowed us to thoroughly evaluate the device's resilience, identify potential security vulnerabilities, and offer actionable recommendations for improvement.

By adhering to these best practices, we ensured a comprehensive and accurate security assessment of the medical device.

Results:

The results of the penetration test included a comprehensive report detailing all findings, accompanied by recommended remediation measures where necessary.

Any vulnerabilities identified were scored according to the Common Vulnerability Scoring System (CVSS), providing clear prioritisation for any required actions.

Following the testing, the device was securely returned to the client in Italy.

This engagement provided the client with several key benefits.

  1. The detailed testing report served as critical evidence for their FDA submission, helping them navigate regulatory requirements with confidence.
  2. By identifying and addressing potential vulnerabilities, they were able to enhance the overall security posture of their device, strengthening its resilience against potential threats. This proactive approach not only ensured compliance but also increased the product's credibility and trustworthiness in the eyes of healthcare providers and patients.

Working with the team for our device’s penetration testing was seamless from start to finish.
We were initially concerned about the logistics of shipping our device from Italy, but they took care of everything, ensuring it arrived safely in the UK and returned just as smoothly.
The level of detail in the testing was outstanding; they went deep into both the hardware and software, uncovering insights we hadn't even considered.
The report they provided was incredibly thorough, with a detailed breakdown of the IEC-60601 requirements, clearly identifying the results of each section.
Their findings were instrumental in our FDA submission, giving us solid, trusted evidence to support our application.
Highly recommend this team for any medical device security needs.

This project with iCare showed us how much value comes from working closely with our clients, especially when there’s a lot to coordinate across countries.

From handling logistics to in-depth testing and meeting regulatory needs, we continue to learn a lot about what medical device companies really need to get through compliance smoothly and securely.

If you’re looking for a partner who can simplify the process and take the stress out of compliance, let’s chat!

We’d love to show you how our approach can make a difference for your team and your customers.
