VA Medical Device Security Assessment Center (MedSAC)

KRM has supported the development of the Health Information Security Division (HISD) for the Veterans Affairs since its inception. KRM has functioned as a sub-contract to the Advanced Technology Institute (AT), the VA Security Team (VAST), and eventually to RS Information Systems to provide operational and technical support for the Medical Device Security Assessment Center (MeDSAC).

KRM was tasked to design, document, implement and operate a HISD Medical Device Security Assessment Center (MeDSAC) for VA test purposes (non-production). Product evaluations were conducted on biomedical devices and their associated software packages. The MeDSAC will support a joint endeavor between the Department of Defense (DOD) Teleradiology and Advanced Technologies Research Center (TATRC) at Fort Detrick, MD. KRM has executed a Cooperative Research and Development Agreement (CRDA) with DOD and Georgetown to support these activities.

MeDSAC can assess the following devices:

FDA 510(k) Medical Devices
Medical systems (Clients and Servers)
New platforms being considered at VA facilities
Tablet PCs
PDAs
Wireless

Product evaluations were conducted on biomedical devices and their associated software packages. KRM provided the operation, management, assessment, and testing support for the Center for Healthcare Information Security testing center in Shepherdstown, WV. KRM also supported the development of the methodologies, standards, and systems to support the center.

As part of this effort, KRM designed and developed the Medical Device Vulnerability Assessment Information Assessment System (MedVAIS). This is a data warehouse for storing and analyzing all security vulnerabilities and the associated medical devices compliance with the security parameters of the VA.