Cybersecurity at BD

Chief Project Engineer Holds Briefing for a Team of Scientists that are Building Machine Learning System. Displays Show Working Model of Neural Network. , Chief Project Engineer Holds Briefing for a Team of Scientists t

About Us
Trust Center
Bulletins and Patches
Disclosure Process
Helpful Resources

Cybersecurity is one of the most critical issues impacting the healthcare industry. At BD, we maintain an unwavering commitment to security by design, in use and through partnership. We strive to ensure our products, systems and customer environments maintain high security standards so our customers can focus on what matters most: caring for patients.

While we maintain robust security protocols, we also recognize that new security threats emerge daily, from attempts to compromise healthcare data to coordinated efforts to disrupt clinical workflows or manufacturing. We recognize that our customers cannot protect what they don’t know. That’s why we believe transparency and collaboration are essential. As we build a strong community of practice, working closely with our customers, industry regulators and security researchers, we’re improving cybersecurity and resilience across the industry.

— Rob Suárez, Vice President and Chief Information Security Officer

BD products and systems are designed to be secure and are developed using industry-leading cybersecurity standards, including those from ISO and NIST.

BD products and systems are secured and maintained throughout their intended life cycle, across all technologies and sites.

BD maintains a culture of transparency and collaboration with customers and industry stakeholders to establish industry best practices.

BD Cybersecurity Framework

BD utilizes a framework to incorporate cybersecurity into our processes for product design, manufacturing, customer support and enterprise systems. Our framework has been aligned to various industry work products including the Healthcare & Public Health Sector Coordinating Councils (HSCC) Medical Device and Health IT Joint Security Plan, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the International Organization for Standardization (ISO) 27001 standards, Underwriters Laboratories (UL) 2900 Standard for Software Cybersecurity for Network-Connectable Products and the International Society of Automation (ISA) 62443.

Cybersecurity Maturity

2021

BD became the first medical technology company authorized as a Common Vulnerability and Exposures (CVE®) Numbering Authority.

2020

The IMDRF published Principles and Practices for Medical Device Cybersecurity.

BD received UL CAP certification for BD Synapsys™ Microbiology Informatics.

2019

The HSCC published the Medical Device and Health IT Joint Security Plan (JSP).

BD CISO Rob Suárez co-chaired the HSCC Med Tech Cybersecurity Risk Management Task Group.

2018

BD made product security templates available via the BD Cybersecurity Trust Center.

BD received UL CAP certification for the BD FACSLyric™ flow cytometer.

2017

BD established a Product Security Partnership program.

2016

The FDA published Postmarket Management of Cybersecurity in Medical Devices.

2014

The FDA published Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.

Partners and Initiatives

AdvaMed

The Advanced Medical Technology Association advocates globally for the highest ethical standards and patient access to safe, effective and innovative medical technologies.

AiSP

The Association of Information Security Professionals, based in Singapore, is committed to promoting the development, increase and spread of cybersecurity knowledge.

CCAPAC

The Cybersecurity Coalition for Asia Pacific is dedicated to improving the policy landscape for cybersecurity in Asia.

CVE® Program

BD is authorized as a Common Vulnerability and Exposures (CVE) Numbering Authority by the CVE Program.

DSAC

The Domestic Security Alliance Council is a strategic alliance that includes the U.S. Federal Bureau of Investigation (FBI), Department of Homeland Security and private industry networking together.

H-ISAC

For maximum reach, BD shares coordinated vulnerability disclosures with the Health Information Sharing and Analysis Center.

HSCC

BD participates in multiple Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group Task Groups.

IMDRF

BD participates in the International Medical Device Regulators Forum with the shared goal of harmonizing medical device cybersecurity around the world.

MDIC

The Medical Device Innovation Consortium works with government and industry stakeholders to advance solutions that promote patient access to innovative medical technologies.

MedTech Europe

BD participates in the MedTech Europe Cybersecurity Working Group, which brings cybersecurity experts together to engage with European institutions, including the European Union Agency for Cybersecurity (ENISA).

U.S. FBI InfraGard

BD participates in the U.S. FBI InfraGard, a partnership between the FBI and the private sector for the purpose of protecting U.S. Critical Infrastructure.

Access BD cybersecurity resources

BD recognizes the value to our customers of independent cybersecurity attestation. Each year a range of third-party audits are performed on BD products and internal cybersecurity controls. To demonstrate our commitment to product security and the protection of customer data, BD makes these industry-recognized certifications and attestation reports available to customers.

BD maintains a SOC2+ program for multiple BD products that collect and process patient health information in accordance with the HIPAA security rule. These annual audits address the Trust Principles for Security and, for our cloud-based products, Availability. These reports are prepared by an independent third party and provide assurance regarding the operational effectiveness of BD internal controls and the security of BD products.

UL CAP, which stands for Underwriters Laboratories Cybersecurity Assurance Program, is an independently audited certification that demonstrates the cybersecurity of medical device products through a rigorous program of analysis. UL CAP cybersecurity testing is extensive and challenges BD products against known cybersecurity vulnerabilities, malware, malformed input (fuzz testing), structured penetration, static source code analysis, static binary and bytecode analysis, and verification of security controls (access control, user authentication and authorization, remote communication, cryptography and software updates).

BD maintains Product Security White Papers for its software-enabled products. The purpose of these documents is to provide details on how BD security and privacy practices have been applied and what our customers should know about maintaining security throughout the entire product life cycle. Each white paper includes a Manufacturer Disclosure Statement for Medical Device Security (MDS2 attestation).

SOC2+ reports and Product Security White Papers are restricted to existing BD customers and can be requested below. UL CAP certificates display the scope (product and version), validity period and certifying UL Manager and can be downloaded below. Prospective customers that wish to obtain copies of SOC2+ reports or Product Security White Papers can request these from their sales representative following approval of a Confidential Disclosure Agreement (CDA). Select the documents you would like to access and use the icons at the bottom of the page to trigger the download or request.

BD Pyxis™ supply technologies

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Knowledge Portal for BD Pyxis™ Supply Technologies
BD Pyxis™ SupplyStation system

BD Pyxis™ medication technologies

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Cato™
BD Knowledge Portal for BD Pyxis™ Medication Technologies
BD Pyxis™ Anesthesia Station ES
BD Pyxis™ Anesthesia Station
BD Pyxis™ CIISafe
BD Pyxis™ Connect
BD Pyxis™ DuoStation system
BD Pyxis™ EcoStation system
BD Pyxis™ Enterprise Server
BD Pyxis™ Inventory Connect
BD Pyxis™ IV Prep
BD Pyxis™ Logistics system
BD Pyxis™ MedStation
BD Pyxis™ ParAssist
BD Pyxis™ PARx system
BD Pyxis™ PharmoPack System
BD Pyxis™ Remote Manager Temp Monitor
BD Pyxis™ Tissue and Implant System

BD Infusion Pumps

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Alaris™ 8015 System
BD Alaris™ CQI Reporter
BD Alaris™ Gateway Workstation
BD Alaris™ neXus CC Syringe Pump
BD Alaris™ neXus Editor
BD Alaris™ neXus GP Volumetric Pump
BD Alaris™ neXus PK Syringe Pump
BD Alaris™ Technical Utility Software
BD Alaris™ Communication Engine
BD BodyComm™ Software
BD BodyGuard™ Infusion Pump
BD BodyGuard™ Duo Pump
BD BodyGuard™ Epidural Pump
BD BodyGuard™ Pain Manager
BD BodyGuard™ T Syringe Pump

BD HealthSight™ analytics

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD HealthSight™ Benchmarks
BD HealthSight™ Clinical Advisor
BD HealthSight™ Data Manager
BD HealthSight™ Diversion Management
BD HealthSight™ Infection Advisor
BD HealthSight™ Inventory Optimization
BD HealthSight™ Medication Safety Analytics

BD software

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Care Coordination Engine (CCE)
BD Remote Support Solution (RSS) / BD Remote Assist / BD Assurity Linc™

Microbiology/Molecular systems

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD BACTEC™ FX Instrument
BD BACTEC™ FX40 Instrument
BD BACTEC™ MGIT™ 320 Instrument
BD BACTEC™ MGIT™ 960 Instrument
BD MAX™
BD Phoenix™ AP
BD Phoenix™ M50
BD Veritor™ Plus

Informatics

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD EpiCenter™
BD Synapsys™

Women's health and cancer

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD COR™ System
BD DataLink
BD FocalPoint™ GS imaging system
BD Totalys™ Multiprocessor
BD Totalys™ SlidePrep
BD Viper™ LT System

Laboratory automation systems

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Kiestra™ InoqulA
BD Kiestra™ TLA System
BD Kiestra™ WCA System

Biosciences clinical systems

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD FACSCalibur™
BD FACSCanto™ 10-color
BD FACSCanto™ II Clinical
BD FACSCount™ System
BD FACSDuet™
BD FACSLink™
BD FACSLyric™ (IVD)
BD FACSPresto™
BD FACS™ Sample Prep Assistant (SPA) III
BD FACSVia™
BD FACS™ Lyse Wash Assistant™ (LWA)
BD FACS™ Workflow Manager

Biosciences research systems

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Accuri™ C6 Plus
BD FACSAria™ Fusion
BD FACSAria™ II
BD FACSAria™ III
BD FACSCanto™ 10-color
BD FACSCanto™ II
BD FACSCelesta™
BD FACSJazz™
BD FACSLyric™ (RUO)
BD FACSMelody™
BD FACSVerse™
BD FACSymphony™ A1
BD FACSymphony™ A3/A5
BD FACSymphony™ S6
BD FlowJo™ Desktop
BD Influx™
BD™ LSR II
BD LSRFortessa™ Flow Cytomenter
BD LSRFortessa™ X-20 Cell Analyzer
BD Rhapsody™ Single-Cell Analysis System
BD SeqGeq™ Desktop

Anesthesia delivery

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Intelliport™ Medication Management System

Vascular access technologies

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Site~Rite™ 8 Ultrasound Systems
BD Sherlock 3CG+™ Tip Confirmation System

Patient temperature management system

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Arctic Sun™ Analytics
BD Arctic Sun™ 5000 Temperature Management System
BD Arctic Sun™ 6000 Stat Temperature Management System

Diabetes care

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD™ Diabetes Care App

Urology and Critical Care

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Senssica™ Urine Output System

Care continuum products

Product	Request SOC2 report	Download UL CAP certificate	Request BD product security white paper
BD Pyxis™ MedBank
BD Pyxis™ RapidRX
BD Rowa™ Dose
BD Rowa™ vMAX™

Page CybersecurityPages

Filters

Sort by :

Latest

Relevance Latest Oldest Name (A-Z) Name (Z-A)

Your search did not match any documents.

Search Tips:

Check the Knowledge Center for literature, case studies, events, or other documents
Explore our Products and Solutions
Search for related topics of interest using the search bar above, then try modifying your search using the filters at left
Check our Support pages or Contact Us
Try to search for similar words and pages
Check your spelling

Form

Coordinated Vulnerability Disclosure

BD has established a routine practice of seeking, communicating and addressing cybersecurity issues in a timely fashion. Vulnerability disclosure is an essential component to our approach to transparency by enabling customers to manage risk properly through awareness and guidance.

Process

Report

Analyze

Coordinate

Disclose

BD welcomes vulnerability reports from security researchers, customers, third-party component vendors and other external groups that wish to report a vulnerability in a BD software-enabled device.

BD partners with the issue reporter to investigate and confirm the vulnerability. If confirmed, we follow an Incident Response and Vulnerability Management Plan, which is a strategy BD established to effectively respond to reported cybersecurity issues. Once validated, our incident response team collaborates with various functional teams including Product Security, Research and Development and Quality to determine objectives, scope, severity, analysis and the appropriate actions needed to accurately respond to the issue.

For maximum awareness, BD voluntarily reports vulnerabilities to the U.S. Food & Drug Administration (FDA) and Information Sharing Analysis Organizations (ISAO) where BD participates, including the U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) and the Health Information Sharing and Analysis Center (H-ISAC). Additionally, BD follows the FDA’s Postmarket Management of Cybersecurity in Medical Devices guidance to properly communicate vulnerabilities to BD customers.

Our disclosures are posted to our Bulletins and patches page in coordination with CISA’s advisory.

Report a potential product-related security issue, such as an incident, breach or vulnerability

Report a Cybersecurity Issue

Transparency and close coordination with our customers and industry stakeholders is a key element of the BD Cybersecurity program. Please complete the cybersecurity issue report form to report a potential product-related privacy or security issue (incident, data breach or vulnerability).

Annual Report and Templates

BD 2021 Cybersecurity Annual Report

Download this report to learn more about our approach to cybersecurity.

Download

Incident and Vulnerability Management Plan

A template to help organizations manage incidents and vulnerabilities.

Download

Product Security Policy Template

A template for documenting cybersecurity standard operating policies.

Download

Product Security Procedure Template

A template for documenting security work instructions.

Download

Product Security White Paper Template

A template to help medical device manufacturers communicate cybersecurity guidance to their customers for specific products.

Download

BD 2020 Cybersecurity Report

Download the inaugural BD cybersecurity annual report.

Download

June 2, 2022

MDIC, HSCC Team Up to Establish Medical Device Security Benchmarks

Learn how a new self-assessment tool is helping the industry establish benchmarks for medical device cybersecurity maturity.
May 25, 2022

Developing Medical Device Cybersecurity Maturity Benchmarks

In this podcast episode, BD CISO Rob Suárez shares a collaborative effort to establish industry benchmarks for medical device cybersecurity maturity.
January 20, 2022

How Medical Device 'Ingredient Labels' Could Bolster Security

BD CISO Rob Suárez explains how listing a software bill of materials (SBOM) can help improve healthcare cybersecurity.
January 6, 2022

BD Publishes 2021 Cybersecurity Annual Report

The second annual BD cybersecurity report details the state of health care cybersecurity, the company's impact on advancing cybersecurity maturity and anticipated trends for 2022.
December 8, 2021

Partnering with your workforce to increase cybersecurity readiness

BD Director of Information Security - Operations, Nastassia Tamari, shares five tips for teaming up with employees to increase cybersecurity readiness across all levels of your organization.
October 28, 2021

Cybersecurity awareness: How BD fosters a strong cybersecurity culture

Learn how BD fosters a strong cybersecurity culture by providing opportunities to hear directly from customers and partners, conducting phishing simulations and providing ongoing, tailored cybersecurity training.
October 15, 2021

Three Strategies for Managing Medical Devices Amid Increasing Cyber-Risks

BD CISO Rob Suarez shares strategies to help healthcare providers and medical device manufacturers work together to manage medical device cybersecurity amid increasing cyber-risks.
October 13, 2021

Industry experts share best practices for reducing ransomware risks at hospitals

Two industry experts share strategies for reducing ransomware risks, from training staff to recognize threats to boosting cyberattack preparedness.
July 27, 2021

BD CISO talks cybersecurity best practices, previews HIMSS21

BD Chief Information Security Officer Rob Suárez previews the company's upcoming cybersecurity panel discussion at HIMSS and discusses transparency and collaboration.
June 22, 2021

Using a Medical Device Software Bill of Materials

BD Chief Information Security Officer Rob Suárez speaks with Marianne Kolbasuk McGee about medical device security challenges.
June 9, 2021

Medtech Needs to Be 'Proactive' When It Comes to Cybersecurity, Says Expert from BD

For BD, being transparent about potential vulnerabilities is essential because customers can’t protect what they don’t know.
June 2, 2021

BD Advances Leadership in Cybersecurity Preparedness, Transparency

BD becomes the first medical technology company authorized as a Common Vulnerability and Exposures (CVE®) Numbering Authority by the CVE Program, further demonstrating company's leadership in health care cybersecurity.
May 17, 2021

Talking about Cybersecurity Vulnerabilities in Medical Devices Shouldn’t be Taboo

Healthcare providers can’t protect against vulnerabilities they don’t know about. That’s why we need to take the stigma out of talking about vulnerabilities.
January 12, 2021

Healthcare cybersecurity trends for 2021

To be secure, medical device manufacturers and healthcare providers will need to go beyond defensive cybersecurity strategies and incorporate cyber resiliency. As more organizations in healthcare embrace these complementary priorities in 2021, we can expect the following cybersecurity trends to emerge.
December 14, 2020

BD Publishes its Inaugural Cybersecurity Annual Report

Through the BD 2020 Cybersecurity Report, the company seeks to address cybersecurity challenges specific to health care and offer guidance about cybersecurity practices for working with medical device manufacturers.
November 16, 2020

Cybersecurity recommendations for hospitals on the front lines of COVID-19

The COVID-19 pandemic continues to place unprecedented demands on the healthcare system. Many hospitals have had to reconfigure their facilities, from expanding remote monitoring and telemedicine to adding dedicated COVID-19 units.
July 22, 2020

Industry experts urge greater collaboration in medical device cybersecurity

With this growth comes broad and complex challenges, which health care providers, medical device manufacturers and industry regulators must address to secure connected health devices and protect patient safety and privacy.
July 01, 2020

Increasing medical device cybersecurity with Zero Trust principles

To improve the resilience of healthcare during a pandemic or any other crisis, we need to adopt Zero Trust principles. In other words, we need to assume nothing and verify everything.
May 22, 2020

Three cybersecurity trends that have emerged from the COVID-19 pandemic

Even as healthcare professionals put their own lives at risk to save patients, cybercriminals are diligently honing their craft. They are exploiting the need for faster, less stringent security vetting processes and conducting their own version of A/B testing to determine which phishing and smishing campaigns are most effective in the current environment.
February 20, 2020

BD Synapsys™ microbiology informatics solution receives UL Cybersecurity Assurance Program (UL CAP) certification

The BD Synapsys informatics solution is among the first life-science diagnostics informatics platforms to meet all UL CAP cybersecurity standards.