NephroFlow is a specialized software designed for dialysis care. It streamlines the complex planning and workflow required for dialysis treatment. The software is used by both medical professionals and patients, making it critical to ensure security, authentication, and privacy.
Cyrex worked with the team at NIPRO Digital to assess and enhance the security of the NephroFlow application. This was not a one-time effort but an ongoing process, with yearly penetration tests to ensure the application’s security.
The penetration tests conducted by Cyrex play a crucial role in NIPRO Digital’s pursuit of ISO27k certification for information security in healthcare. This certification demonstrates a commitment to securing sensitive patient information and ensuring the application’s overall security.
Cyrex conducted penetration testing for both the traditional and mobile versions of the NephroFlow application. Given the sensitive nature of healthcare data and the integration with medical devices, the testing aimed to assess various security aspects, including:
- Privacy of patient data.
- Access controls, ensuring that different users have appropriate access rights.
- Authentication and authorization, verifying that only authorized users can access the system.
- Denial of Service (DoS) protection to safeguard against service disruptions.
- Business logic flaws that could be exploited.
- Protection of intellectual property, especially proprietary algorithms integrated with private vendors.
The penetration testing revealed a range of high-priority vulnerabilities within the NephroFlow application. These vulnerabilities posed significant risks to the security and privacy of patient data and the overall functionality of the software.
After identifying these vulnerabilities, Cyrex provided NIPRO Digital with a comprehensive report detailing the security issues. The NIPRO Digital team took corrective measures to patch the vulnerabilities and enhance the application’s security. The collaboration between Cyrex and NIPRO Digital is not a one-time effort. Cyrex plans to conduct further penetration tests on NephroFlow in the next twelve months to ensure that the security measures remain effective and to address any new threats that may arise.