The healthcare industry is the most complicated environment to secure because it takes a village: the medical devices community, healthcare providers, healthcare workers and government bureaucrats. It is the industry at highest risk because of the sheer volume of unmanaged or hard-to-manage devices and the life-or-death consequences of the trade. The emerging nature of IoT devices and cybersecurity compliance requirements in the healthcare sector requires both equipment vendors and service providers to implement security policies that address the risks posed by cyber-attacks and insider threats. Mission-critical production systems and medical devices require protection from unauthorized software updates or configuration changes, and secure authentication of field and remote operators.

Legacy enterprise IT managed systems rely on password policies, multi-factor authentication and role-based physical and network access. Such controls are inadequate against zero-day cyber-attacks on headless IoT devices that subvert threat intelligence-based intrusion and/or anomaly detection systems designed to prevent data breaches. Therefore, IoT solutions in the healthcare sector require a tamper-resistant system that provides built-in protection controls, trustworthy change management and continuous integrity verification, for high scalability and availability.


The strategy will require at least:

  • securing the identity and integrity of medical devices at the grassroots level
  • securing the integrity of data exchanges from devices to receivers (display stations and monitors)
  • securing the digital secrets (keys and certificates) on the devices and receivers
  • rotating the digital secrets at scale and as a managed maintenance activity, for device lifecycle management and transfer of ownership (e.g. remote patient monitoring platforms)
  • tamper-resistant content delivery through the supply chain for traceability

Industry: Healthcare

Devices: Aging Legacy Medical Devices

Company: Medical Device Manufacturers

Automate Security Lifecycle Management for Legacy Medical Devices

  • Legacy devices running Windows XP and 7
  • Unsupported and un-patchable devices
  • Field technicians cost hundreds of dollars per dispatch to re-provision certificates and deliver updates
  • Manual process is vulnerable to insider threats, supply chain tampering, and man-in-the-middle (MITM) attacks
  • Mocana TrustCenter
    • TrustEdge™ Clients
    • Buy (not build) protection
  • Interoperability with greenfield and legacy brownfield devices
  • Deploy on in-field devices
  • Work with customers and US FDA to ensure solution does not require an FDA re-certification of medical devices
  • Simple solution to upgrade in-field medical devices
  • Solution automates the re-provisioning and management of digital certificates
  • Does not require an FDA re-certification
  • Reduces surface of attack
  • Reduces risk of MITM
  • Millions of dollars in forecasted savings in operational security costs

Aging medical devices such as imaging equipment, pumps, surgical equipment, implantable medical devices, hospital and home patient monitors, and medical IoT edge devices are vulnerable due to a lack of strong cryptographic controls. In healthcare, risk is measured in terms of loss of life, human safety and reliability of the systems. While data privacy is important, compromised systems directly impact patient care.


There are 6+ million medical devices in the market and 6,500+ manufacturers in the U.S. alone.

— MPO Magazine

Aging medical devices such as imaging equipment, pumps, surgical equipment, implantable medical devices, hospital and home patient monitors, and medical Internet of Things (IoT) edge devices are vulnerable due to a lack of strong cryptographic controls, including: multi-factor authentication, secure boot, secure update, and secure, encrypted communications.

Medical equipment manufacturers and healthcare providers must ensure compliance with HIPAA, HITECH Breach, and cybersecurity standards such as NIST 800-53, Revision 4, IEC 62443-3-3, and FIPS 140-2. Keeping up with these standards as well as emerging standards from the Industrial Internet Consortium (IIC) and Industrie 4.0 can be challenging. New regulations such as GDPR in Europe raise the stakes for non-compliance to more than €20 million per incident. Older protocols such as Modbus, DNP3 and BACnet can be difficult to secure.

A Cybersecurity System Tailored for Clinics, Hospitals, and Manufacturers


Used by more than 200 OEMs to protect more than 100 million devices

Mocana’s end-to-end cybersecurity system is a FIPS 140-2 validated embedded cybersecurity software solution that ensures device trustworthiness and secure communications by giving industrial automation manufacturers, OEMs and critical infrastructure operators an easy way to harden electronic control units and controllers with multi-factor authentication and trust chaining, as well as secure boot to validate the firmware, OS and applications.



Mocana TrustCenter™

Services platform for automated security lifecycle management

Mocana TrustEdge™

Comprehensive IoT endpoint security that simplifies integration

Mocana TrustCore™

Proven, differentiated and compliant system of cybersecurity
  • "We are excited to work with Mocana in implementing their comprehensive software solution across our divisions. With Mocana’s Security of Things Platform, we are able to maintain consistency in our security approaches, across any type of device or sensor, addressing the variance of real-time operating systems (RTOS), controllers and CPUs. Mocana brings strong FIPS-140 proven cryptography to our embedded devices all the way up to the cloud, enabling a safer path to IoT transformation for our connected business strategy."

    George Wrenn

    VP of Global Cybersecurity for Schneider Electric

  • "Mocana has been helping industrial manufacturing and automation companies to secure industrial control systems, SCADA networks, avionics subsystems and IoT devices since 2002. Mocana’s IoT Security Platform is solving operational technology and IoT security challenges by tackling one of the toughest industry problems—making industrial controllers and IoT endpoints more secure and trustworthy."

    Michael Dolbec

    Managing Director, GE Ventures

  • "Ensuring the safety, security, and reliability of control systems is critical. Mocana’s IoT Trust Platform can simplify the implementation of security across modern control and safety systems."

    Joe Weiss

    Managing Partner of Applied Control Solutions, LLC

  • "Industrial IoT cybersecurity is both difficult and essential. Xilinx and Mocana share a vision to remove barriers to IIoT adoption by reducing risk, cost and speeding time to market for any customer that wants to innovate and move their business forward."

    Christoph Fritsch

    Director, Industrial IoT, Scientific and Medical, Xilinx

  • "The tools provided by Mocana are rooted in its long history of equipping engineers with the ability to harden devices that perform mission-critical operations. Manufacturers can now be equipped to leverage the power of the embedded chips in their products to support the security and privacy requirements of these emerging data-driven IoT ecosystems."

    Rob Westervelt

    Research Manager, IDC

  • "Supply chain integrity is one of the most important challenges facing the industrial IoT. Mocana’s IoT Trust Platform is tackling this problem head on by automating device enrollment and security provisioning. With tools for both suppliers and OEMs, Mocana’s trust services will simplify enrollment and secure updates."

    Ed Amoroso

    CEO of TAG Cyber, LLC

  • "Mocana’s IoT Security Platform ensures that IoT devices can be trusted and communicate securely to the public and industrial cloud platforms. Their verification of the interoperability and integration of their cloud to AWS, Microsoft Azure IoT, VMWare-based clouds, and GE Predix is a significant benefit for companies working with Mocana."

    Vikrant Ghandhi

    Industry Director, Digital Transformation, Frost & Sullivan

  • "Mocana has designed its cryptography engine to have a tiny, lightweight footprint. Its software is fast and responsive, making it ideal for hashes and advanced cryptographic functions. In addition, the software modules that sit on the device, gateway, and cloud are customizable, in that customers need to deploy only the code they require to implement specific functions."

    Sankara Narayanan

    Research Analyst, Frost & Sullivan
