Siemens Healthineers, a leading global medical technology company, is a pioneer when it comes to patient-centered, advanced medical devices and accompanying software. Its breakthrough technology is crucial for clinical decision-making and treatment pathways that empower healthcare professionals to deliver high-quality care leading to the best possible outcomes for patients.
The widespread use of medical devices, especially the 430 million smart devices connected to the Internet, has expanded the cyberattack surface: a compromised device could affect end users' health, safety, and personally identifiable information.
To safeguard the well-being of its customers, and to comply with industry regulations and standards, Siemens Healthineers set out to ensure that its cybersecurity team was using an industry-leading application security (AppSec) platform.
Terezia Mezesova, Cybersecurity Team Leader at Siemens Healthineers, recently spoke with us to discuss why the innovative medical technology company selected Checkmarx over competing AppSec vendors and the results that Siemens Healthineers’ cybersecurity team is continuing to achieve.
Prior to selecting Checkmarx, Siemens Healthineers was using penetration testing to identify software vulnerabilities. The volume of code-related vulnerabilities in internally developed applications was far greater than expected.
“It was at that point that our cybersecurity team knew we had to invest in an automated source code scanning tool,” said Mezesova. “We wanted to get a better baseline of what secure code looked like and found that the tools we were using at the time weren’t that helpful.”
Siemens Healthineers ultimately chose Checkmarx Static Application Security Testing (SAST) due to its ability to run full and incremental scans, highly accurate scan results, ease of integration into existing workflows, and, most importantly, the ability to deploy on-premises, in the cloud, or in hybrid environments. Because medical devices are part of a highly regulated industry, on-premises deployment is the better fit.
In the years following the implementation of Checkmarx SAST, Siemens Healthineers has dramatically improved the time it takes to deliver secure software. The development team is now able to find vulnerabilities much earlier in the software development lifecycle (SDLC)—when code edits are still possible—and act.
To date, Siemens Healthineers has scanned over 250 applications and more than 149 million lines of code, with 90 percent of projects scanned weekly. “With Checkmarx SAST, we are scanning early and often. This has enabled our development team to deliver new software or software updates faster than ever before,” Mezesova concluded. “Best of all, it has given us the peace of mind that our products and customers are safe and secure.”
To learn more about Siemens Healthineers and its success with Checkmarx SAST, please check out the case study.