Can We Foster Confident Care with Cybersecurity?
In the healthcare industry, the need for cybersecurity, data security, and privacy is particularly high: sensitive patient data must be comprehensively protected. Additionally, complex infrastructures, workflow systems, and technologies, including medical devices in healthcare facilities and hospitals, must be secured and protected from cyber threats and outages to ultimately ensure the safety and well-being of patients. Increasing digitalization poses particular challenges for IT teams, decision-makers and medical staff alike. Bayer in Radiology is addressing these security-related challenges in a number of ways because the future of healthcare is built on trust. Consequently, our solutions are built to be secure, allowing you to focus on what matters most: patient care.
Our Approach
Staying a Step Ahead With Our Cybersecurity Program
At Bayer in Radiology, we know that cybersecurity is not a static goal, but a continuous journey. From hospital infrastructure and device performance to patient health, security is a fundamental aspect of our product development programs. We deliver solutions with “security built-in” that adhere to the highest standards. Our comprehensive cybersecurity approach, constantly evolving to anticipate threats and adapt to the ever-changing landscape, is based on these four main pillars:

Bayer in Radiology has a clear vision of how we can help protect healthcare customers, partners and patients now and in the future. Our devices, software and digital solutions are based on our mandatory Bayer Radiology Medical Device Cybersecurity Management Procedure, which embeds robust safeguards throughout the product lifecycle - including design, development, release, support and retirement.
- Our secure development lifecycle includes coding practices, regular code reviews and rigorous testing to protect our medical devices from unauthorized access and cyber threats.
- Device, hardware and software security requirements are built in from the start, including robust encryption, audit logs, data anonymization and strong anti-malware protection.
- Threat modeling and risk management harden our devices and digital solutions against potential vulnerabilities.
- We are committed to delivering high-quality solutions, supported by a robust Quality Management System (QMS) that governs, monitors, and audits our development processes.
- We comply with the world’s leading industry-specific frameworks, laws, regulations and standards, such as NIST Cyber Security Framework 2.0, AAMI TIR 57, AAMI TIR 97, IEC 81001-5-1, IEC/TR 80001-2-2, to name a few.

Phishing, ransomware as well as supply chain, device and IoT vulnerabilities—the risks of the digital age are real, and cyber threats are increasing in scope, frequency and sophistication. Bayer in Radiology follows an iterative process as threats and vulnerabilities change over time.
- During the product development phase, we incorporate threat modeling, penetration testing and vulnerability scanning to identify additional risks that may require further investigation.
- As part of our release process, a dedicated team of experts works on thorough verification and validation (V&V) testing to improve the security of our medical devices and software.
- To ensure high availability and smooth operations, we have established a comprehensive vulnerability management process that provides timely patching with firmware and software updates (including out-of-cycle patches when necessary).
- The Radiology Medical Devices Cybersecurity team maintains a rigorous monitoring and response program. We continuously monitor the cybersecurity landscape, searching for cybersecurity signals to stay abreast of relevant cyber intelligence, assess the potential impact of emerging threats on Bayer products, and drive a rapid response.
- In the event of a suspected or known cybersecurity breach, Bayer works closely with our customers to address the vulnerability. Results of forensic analysis and recommendations for recovery and resilience are shared proactively.

In the healthcare industry, data and network security is paramount to ensuring the safety and integrity of sensitive data, or Protected Health Information (PHI).
As healthcare IT networks and devices become more interconnected, the risk of a weak link in the chain increases—and so does cyber risk. Hospitals and other healthcare organizations must therefore ensure that their networks, gateways, devices, applications, and data are protected from malicious attacks. To help detect and defend against threats and minimize patient risk, Bayer in Radiology’s secure network practices include:
- Implementing secure interfaces and regularly updating relevant security protocols
- Remote connectivity technology powered by PTC ThingWorx, an industry-leading IoT platform
- Advanced end-to-end encryption for data transmissions
- Strong authentication and authorization procedures and logging routines
Another key aspect is the encryption of health data based on methods that comply with the latest technological standards to prevent unauthorized access, misuse, manipulation, oversharing, and exploitation. Compliance with international and healthcare industry security standards, such as ISO/IEC 27001, and data security regulations, such as US HIPAA and EU GDPR, is also critical. These standards help ensure the availability, integrity, and confidentiality of data.

Bayer’s commitment to the integrity of its medical systems, connections, and operational data is driven by a strong focus on patient safety and customer trust. Our holistic cybersecurity program is aligned with industry best practices and regulatory requirements, and is constantly evolving to adapt to the ever-changing cybersecurity landscape.
With multiple layers of governance controls in place, healthcare organizations can rely on Bayer to help prevent and mitigate potential security incidents.
Your benefits at a glance:
- Alignment of Bayer’s Lifecycle Development and Release program with HIPAA and NIST 800-53 cybersecurity requirements
- Documented, comprehensive cybersecurity program, with the ability to perform security reviews in accordance with e.g. hospital policies
- Proactive, honest communication about new vulnerabilities and threats, outlining a clear roadmap for patches and updates, and transparent, coordinated measures and actions to resolve potential issues
- Rapid response to breaches related to Bayer solutions—designed to limit potential damage to your infrastructure, operations, and patients
- Bayer acting as a dependable partner to healthcare organizations, offering close collaboration with a local presence in your region and the support of a global network
Our Portfolio
Cybersecurity for Our Radiology Solutions
Bayer in Radiology products are engineered with an unyielding commitment to fostering cybersecurity, minimizing your risk and safeguarding Bayer-sold devices and systems to protect what matters most – your patients.

Cortenic™
Cortenic™ is the secure connectivity platform for all Bayer Fluid Delivery Solutions, integrating your imaging suite to help manage department goals. It provides a clear path for your radiology and IT teams to activate secure connections, unlocking enhanced solutions and full-suite connectivity. At Bayer, we envision a future where every power-injected procedure is delivered from a secure, integrated ecosystem with hardened systems, robust protocols/encryption, and swift cyber responses—better serving patients, you, and your team. More information about Cortenic™ coming soon.

VirtualCARE® Remote Support
Providing remote support for injectors, VirtualCARE® is designed to deliver secure and reliable remote connectivity, and diagnostic services, with the goal of facilitating faster recovery in the event of downtime. VirtualCARE® is available for most MEDRAD® injection systems and for the Radimetrics® Enterprise Application.

Calantic™
An orchestrated suite of AI radiology solutions, Calantic™ will focus on quality of care today and help transform radiology tomorrow. Our cloud-based marketplace, with service line AI apps, is integrated into the radiologist’s workflow with the Calantic™ Viewer, integrated in the PACS viewport.
Abbreviation list
- AAMI: Association for the Advancement of Medical Instrumentation
- FDA: Food and Drug Administration
- GDPR: General Data Protection Regulation
- HIPAA: Health Insurance Portability and Accountability Act
- IEC: International Electrotechnical Commission
- IoT: Internet of Things
- ISO: International Organization for Standardization
- NIST: National Institute of Standards and Technology
- PACS: Picture Archiving and Communication System
- TIR: Technical Information Report
- TR: Technical Report