Wearables & Remote Patient Monitoring cybersecurity.

• Continuous vital-sign patches (ECG, SpO2, temp, respiration)
• Hospital-at-home and post-acute monitoring kits
• Chronic-disease RPM (CHF, COPD, hypertension)
• Maternal and pediatric RPM
• Medication adherence trackers

• Wearable ↔ phone / gateway (BLE, authenticated pairing)
• Gateway ↔ cloud (TLS, mutual auth where possible)
• Cloud ↔ clinician dashboard (SSO, RBAC)
• Cloud ↔ EHR / payer / care-coordination platforms (FHIR)
• Cloud ↔ alarm / escalation pipelines (rate-limited, audited)

Do consumer wearables need FDA cyber documentation?

Only when you make a clinical claim and pursue clearance. As soon as you do, the full premarket cyber package applies.

What's the right BLE pairing mode for a clinical wearable?

Authenticated pairing (LE Secure Connections with numeric comparison or OOB) is the expectation. Just Works pairing is hard to defend in a threat model for a clinical device.

How do you test the OTA update path?

We verify signature validation, anti-rollback, atomic install, and recovery on a representative device, plus the cloud delivery path's authentication and integrity controls.

Do you cover the EHR integration in scope?

Yes when in scope - typically the FHIR or HL7 endpoint, its authentication (SMART on FHIR, mTLS, OAuth), and authorization model are tested as part of the wearable system.

What about battery and DoS attacks against the sensor?

We model and exercise battery-drain and DoS scenarios - they're a recognized safety-relevant cyber threat for wearables and need documented mitigations.

How is multi-tenant cloud isolation tested?

We perform cross-tenant authorization testing, key-scoping verification, and audit-trail review. Every cross-tenant access is treated as a critical finding.