Product Security at Abiomed

Based in Danvers, Massachusetts, USA, Abiomed, Inc., part of Johnson & Johnson MedTech, is a leading provider of medical technology that provides circulatory support and oxygenation. Our products are designed to enable the heart to rest and recover by improving blood flow and/or provide sufficient oxygenation to those in respiratory failure. We are committed to providing patients and health care providers with the highest quality devices and optimal cost-effective solutions. We accomplish this through the relentless exploration of new ideas and approaches that allow us to address new clinical challenges for our customers and patients.

As the solutions we provide to patients and health care providers evolve from a technological standpoint, we must remain vigilant in our cybersecurity efforts to ensure we are providing the highest quality devices. We accomplish this by incorporating cybersecurity activities across the total-product-lifecycle of our solutions and integrating these processes with our Quality Management System.

Key Cybersecurity Activities

At Abiomed, cybersecurity is built into product design early in the process. Architecture and design diagrams are reviewed from a cybersecurity perspective, threat modeling and risk assessment exercises are performed, fully traceable requirements are documented and post-market management plans are developed. In addition, security testing is performed throughout design, development and post-market activities on custom developed software, open source components and the finished product. This process enables us to properly identify and manage cybersecurity risk throughout the total-product-lifecycle.

Vulnerability Disclosure

In support of post-market cybersecurity management activities, Abiomed participates in the MedISAO vulnerability disclosure process. MedISAO is a U.S. Food and Drug Administration (FDA) recognized Information Sharing and Analysis Organization (ISAO) and provides reporting mechanisms for individuals who have discovered potential vulnerabilities in products.

If you believe you have identified a potential vulnerability in any Abiomed medical device, medical device data system, or software as a medical device solution, please submit information related to the potential vulnerability using the MedISAO vulnerability reporting form, which can be found here.

At Abiomed, we believe in our Patients First mission and are committed to fully integrating cybersecurity into the products we provide and the processes we follow.