
Radiometer provides comprehensive security protection 

Protecting sensitive data and systems 

  • ISO 27001:2013 certification
  • Multi-layered defense system
  • Strengthens patient data protection

Let us help keep your hospital’s digital network safe from risk

We offer:

  • security through design and product lifecycle management
  • ongoing risk monitoring and vulnerability management
  • built-in defense layers
  • regular security updates as required

This fortified, diversified approach allows you to use our devices without fear of compromise or downtime, so you can concentrate on delivering the best possible care to those most in need.

Radiometer Medical’s Information Security Management System complies with ISO 27001:2013. The system’s broad scope includes:

  • Design and delivery of software systems, blood gas analyzers, transcutaneous blood gas and pulse oximetry monitors, and fluorescence immunoassay analyzers
  • Design, deployment, operation and servicing of digital services critical to supporting our analyzers on site

A risk-based approach for enhanced protection

As the engineers and experts of our connected medical devices, we understand the importance of incessant risk monitoring. From preliminary designs through every stage of a solution’s lifecycle, we continuously identify and protect our devices from cybersecurity threats and vulnerabilities.

This risk-based approach ensures we enhance protection while minimizing any operational impact.

 


Software vulnerabilities

We assess our solutions’ software through the Common Vulnerability Scoring System (CVSS), an open industry standard framework for evaluating cybersecurity vulnerabilities in software.

Penetration test

An independent third-party vendor conducts penetration tests of our products and services. These tests evaluate the security of a system and explore both identified and unidentified vulnerabilities.

Your partner in compliance and data security

Using our multi-layered security system will help you meet increasing security needs while protecting both patient data and connectivity from viruses and malware attacks.


Explore system features below:


 

Radiometer analyzers

  • Stored data including PII/PHI* is encrypted.
  • All unused ports are closed.
  • Audit trail registers all users logging on and off.
  • Windows Firewall is always enabled.
  • Application Control – only software approved by Radiometer can be installed.
 

Connection between devices and AQURE middleware

  • Customers are responsible for the PCs and servers placed in their hospital.
  • All access to AQURE data is managed through the application, based on specific rights for managed users.
 

Data in motion to Radiometer

  • No PII/PHI* data transfer, only analyzer performance related data
  • Outbound connection only through dedicated ports.
  • Authentication and outbound data encryption only through TLS protocols.
  • All certificates used during endpoint authentication are issued by Radiometer.
 

Data insights – Microsoft cloud

  • No PII/PHI* data stored.
  • Only analyzer and software performance-related rich data are stored (e.g., status and QC).
 

Radiometer field service engineer troubleshoots remotely

  • Access is restricted to certified Radiometer field service engineers
  • No PII/PHI data are visible or accessible at any time.
  • Any remote access to a device is logged with a timestamp, technician ID and a video of the entire session.
 

Radiometer network

  • Network for remote support troubleshooting.
  • No PII/PHI* data stored - only analyzer and software performance-related data are stored.
  • All Radiometer’s digital solutions are enabled with multi-factor authentication.
 

Radiometer transcutaneous monitor

  • Patient and performance data located on the monitor are encrypted.
  • The device has three levels of user roles: key operator, operator, and service user.
  • Data transmission to other devices is possible via cable and network.

* PII = Patient Identification Information / PHI = Patient Health Information

We have established a multi-layered defense system

We share the responsibility of implementing and monitoring the various security layers with our customers. While the specifics of each layer will differ depending on the device or solution in question, they can broadly be categorized as:



Data at rest

Protection of the data through encryption, scrambling and anonymization, as appropriate.

Application

User management restricts access through ID and password control, authentication, software installation control, and audit trails of activity.

Operating system

Based on Microsoft-supported operating systems, hardened with restrictions imposed as appropriate, Application Control, patch management, and system updates tested prior to installation.

Physical layer

Guidelines around responsibilities of customers and users to prevent unwarranted access.

Network

A firewall protects data; port protection prevents breaches while allowing for remote support and data insights.

Policies

Radiometer follows industry-recommended security best practices throughout our development lifecycle, deployment, and operations.

Application Control

Application Control is a means of ensuring that only software signed and approved by Radiometer can be installed and run on the analyzer. Malware will lack the digital signature that approves the software and thus cannot be installed. Only Radiometer can sign the software.

Application Control improves cybersecurity. If a program is not on our list of approved software, it cannot be run on the analyzer.

Patch management

Radiometer has established processes to monitor and evaluate the security updates of all third-party vendor software embedded in our solutions, including Microsoft-supported operating systems.

These updates are assessed with respect to applicability (relevance) and risk to decide when patching is needed. This can activate specific communication processes contingent upon the severity of an identified vulnerability.

Industry-recommended security best practice

We comply with the following standards:
  • ISO 27001:2013 Information Security Management
  • ISO 14971 Medical devices – Application of risk management to medical devices
  • ISO/IEC 80001-1 Application of risk management for IT networks incorporating medical devices
  • IEC 62304 Medical device software – Software lifecycle process
  • IEC 62366 Medical devices – Part 1: Application of usability engineering to medical devices
  • HIPAA/HITECH
  • ANSI/NEMA HN 1 2019
  • GDPR – Data privacy policy is available at www.radiometer.com/DPN

We'll help keep you secure and compliant

As part of our customer care offering, we continuously monitor and update your Radiometer solutions’ software to ensure compliance, add new functionalities and make necessary corrections.

Software updates and security packages for ABL and AQT analyzers are part of our various levels of service agreements.

We'll help keep your software and Radiometer solutions current and secure as we support you in taking care of the patients at hand.

An integrated POC IT and Services solution

Security is part of Connect & Care.

Connect & Care is a customizable, total solution that connects and supports medical devices, data, and people to keep your POC testing setup running smoothly, placing you a step ahead to put life first.


MAPSSS-000273 R4
