Digital Product Security

Elekta对网络安全的承诺

在当今相互联系的数字医疗生态系统中,最高的网络安全标准对于患者的安全和数据保护至关重要。Elekta致力于推进医疗设备中的网络安全,并维持对患者,个人和业务数据的保护。为了支持这一目标,我们开发了Elekta产品网络安全框架(EPCF),其中包含行业最佳实践和监管指南,以帮助将安全性整合到我们产品生命周期的每个阶段。Elekta是几个医疗设备网络安全和隐私工作组以及网络安全信息共享组织的活跃成员。我们与客户和监管机构合作,以监控产品的持续安全性并负责任地处理安全漏洞。

Before deploying and using our products, customers should review the current security documentation of Elekta's products to ensure appropriate implementation of cybersecurity controls.

Plan and design, release, post market surveillance

A Dedicated Digital Product Security Team

Our team of digital product security professionals is dedicated to ensuring our products are safe and secure for their intended use. We maintain a dual focus on developing safe and secure products while also anticipating and responding to emerging cybersecurity threats. Our team prioritizes transparency and responsiveness with our customers about cybersecurity and provides support and protection throughout the product lifecycle. With deep knowledge and expertise in product security, our team helps you maintain secure operations continuously.

数据隐私

Elekta致力于保护客户数据的隐私。我们通过设计将流程与隐私和安全原则保持一致,以帮助您遵守美国的HIPAA,欧洲的GDPR和其他隐私法。随着我们计划,设计和发布处理个人数据的产品,服务和解决方案,我们努力纳入数据保护措bob体育官网手机版下载施。我们对数据隐私的承诺遍及整个产品的生命周期。这是通过为隐私影响评估设置内部流程,审查潜在供应商和其他第三方遵守的框架和政策,以及确保我们的员工经常接受数据隐私要求培训。数据隐私是我们行为准则的一部分,也是我们公司政策框架的重要组成部分。

云安全性

Our cloud-based solutions are hosted on Elekta Axis, a fully managed cloud environment. These cloud based solutions are built on Microsoft Azure, which means your data is protected by robust data security features, including multi-layer threat protection, automated security detection and response. It also means you have the assurance of built-in system compliance features to ensure conformance of data privacy and regulatory requirements. All of your information is encrypted, including data in transit from your site and data at rest in Elekta's cloud infrastructure.

结合我们的软件解决方案中的多层安全性(例如密码保护和两因素身份验证),您可以确定,保护临床数据是我们的优先级。通过强大的内部控制,治理和监督,Elekta都在不断努力,不断努力加强和改善这些安全控制和实践。客户应参考各自的云产品安全文件,以使用产品特定的安全控制。

Product Security Statements

To support our customers' cybersecurity risk management needs, Elekta provides information to help assess and address the cybersecurity risks associated with our products.

Elekta publishes product security statements as part of each product release. These documents contain information about the security configurations related to the software, hardware and any operating systems part of the product. The security statement also provides guidance on how to securely implement and operate the product.

In addition to the security statement, Elekta uses the Manufacturer Disclosure Statement for Medical Device Security (MDS²) to provide security information about its medical device products. The MDS² is an industry-endorsed reporting form published by the Medical Imaging and Technology Alliance (MITA). The form allows manufacturers to provide product security information to customers in a standardized format. The MDS² form contains product-specific security information related to:

  • Managing personally identifiable information
  • 审计
  • Authorization
  • Data backup
  • Security updates
  • Malware controls
  • Secure connectivity
  • Hardening
  • Data integrity

该表格还包含制造商的注释以及映射到不同的安全框架。查找有关MDS²表格的更多详细信息here。Customers can contact Elekta customer support or sales to receive a copy of the MDS² form for any supported product.

Product Security Advisories

Elekta publishes security advisories and bulletins on an ongoing basis to notify customers about any potential or validated security vulnerabilities pertaining to our products and services with guidance on remediation steps.

These security advisories are available in our customer portal. Please visitElekta Care™ Community portal更多信息或联系客户upport.

Cybersecurity Incident Response

Elekta Care Support takes cybersecurity seriously and will provide all reasonable assistance to help customers quickly recover from any incidents affecting supported Elekta products. Following established processes, Elekta Care Support will document and manage the incident with the customer through to a resolution and suggest future protection improvements where appropriate.

Coordinated Vulnerability Disclosure

Elekta is committed to ensuring the safety and security of the products we develop and provide for cancer care. Elekta welcomes the invaluable contributions offered by security researchers and by our customers. The Coordinated Vulnerability Disclosure (CVD) policy is designed to ensure a responsible and streamlined process for reporting and handling product security vulnerabilities. As part of this program, Elekta openly accepts vulnerability reports for currently supported Elekta products and solutions. Find the program detailshere

Partnerships

Elekta believes in strong partnership between different stakeholders in healthcare industry to improve privacy and security of healthcare solutions. Our product security and privacy teams work closely with healthcare industry organizations to ensure patient information is protected and our products are safe and secure. To achieve greater security, we partner with several organizations to gather and share cyber information, including, but limited to:

  • 欧洲Radiologica协调委员会l Electromedical and Healthcare IT Industry (COCIR)
  • Advanced Medical Technology Association (AdvaMed)
  • 健康信息共享和分析中心(H-ISAC)
  • Health Sector Coordinating Council (HSCC)