
eHealth Consulting: FDA/EMA-compliant eHealth services, cybersecurity & certification for smart devices

Industry: Life Science & Medtech – eHealth | Period: 2 years | Team size: 3 consultants

The relevance of eHealth services is growing inexorably and plays a central role in modern healthcare. In order to gain and retain the trust of users, these services must be one thing above all: secure and reliable. Only with the highest security standards and reliability can eHealth services develop their full potential and sustainably improve healthcare.

Anyone expanding into international markets knows the hurdles: The FDA (Food and Drug Administration) demands comprehensive documentation and strict security tests – without these, market entry and scaling are delayed. In Europe, the EMA (European Medicines Agency) is following suit with similar requirements and demands an equally carefully regulated certification process. Only those who seamlessly meet these requirements will gain decisive time advantages, minimize compliance risks and turn innovative strength into a competitive advantage.

Our client – a leading pharmaceutical company from China – is focusing on the certification of its new CGM (Continuous Glucose Monitoring) devices in order to expand its portfolio with highly integrated, intelligent and continuous healthcare services. In doing so, they face several challenges.

Authors: Hajo Börste, Partner

The challenge - compliance & security for eHealth services

Regulatory compliance – successfully managing international requirements

  • FDA (USA): Compliance with strict classification and approval pathways that require extensive clinical studies and comprehensive documentation.
  • EMA (Europe): Adapting to the new requirements of the Medical Device Regulation (MDR); the limited number of notified bodies leads to bottlenecks and delays.

Cyber security – establishing protective measures and continuous monitoring

  • FDA: Integration of cyber security measures into the design and development process as well as continuous monitoring and timely updates.
  • EMA: Compliance with cyber security by design principles and the General Data Protection Regulation (GDPR).

Penetration tests (pen testing) – identifying and eliminating security vulnerabilities

  • Conducting thorough penetration tests to identify and fix security vulnerabilities and documenting the results in detail for regulatory submissions.

Satisfied customers from SMEs and corporations
FDA and EMA certifications in minimal time: The seamless integration of compliance documentation, cyber security by design and targeted penetration tests has not only secured CGM devices from a regulatory perspective, but also significantly accelerated market entry.

André Hemmerle, Principal

The Success Journey - Standards for FDA & EMA compliance

Integration of Standards and Governance – A strategic enterprise governance framework

Building on over 20 years of experience in industrial compliance and standardization, we pursue a multi-level, process-oriented approach at market-leading companies. This embeds validation and control mechanisms directly into internal policies and procedures. With this focused framework, the client was able to efficiently manage complex regulatory requirements and sustainably strengthen its governance structure.

With a clear view of each individual requirement, we have structured the entire documentation and clinical evidence in such a way that it seamlessly meets the requirements of the FDA and EMA. By precisely analyzing existing processes and products, we were able to identify gaps at an early stage and close them with targeted adjustments.

Cyber security measures were firmly anchored in the design phase from the outset: threat modeling and vulnerability analyses helped to uncover potential attack surfaces. Through tailor-made security controls and continuous monitoring, we ensure that the system remains protected against new threats and that regular updates flow smoothly into the development process.

In individualized penetration tests, we simulated the real attack landscape to identify every conceivable entry point, using methods that comply with FDA and EMA requirements for medical devices. The following methods are just a selection of the many approaches we used:

  • Network vulnerability scanning: Identification of vulnerabilities in the network architecture that could be susceptible to attacks.
  • Firmware analysis: Examination of the firmware for security gaps and vulnerabilities to ensure that there are no unsecured entry points.
  • Communication protocol tests: Checking the security of communication protocols used by the devices to ensure that data is transmitted securely.
  • Authentication bypass attempts: Testing the robustness of authentication mechanisms to ensure that unauthorized access is prevented.
  • Wireless security assessment: Analysis of wireless communication channels for security vulnerabilities to ensure that wireless communication is secure.
  • Physical security assessment: Examination of physical security measures to ensure that the devices are protected against physical tampering.

The findings were incorporated directly into the final submission to prove that the devices met the required safety standards.

The Impact at Launch

  • Successful FDA submission: The project team evaluated, tested and optimized the cyber security configuration of the new continuous glucose monitoring system. All SBOM, threat modeling and security architecture requirements were fully incorporated into the FDA submission.

  • Closing identified security gaps: After an initial certification setback, thorough penetration tests and risk assessments uncovered critical vulnerabilities. Targeted measures were taken to permanently eliminate all deficits.

  • Complete cyber security documentation: In close coordination with the certifiers, a comprehensive documentation package was created that precisely depicts risk analyses, update processes and implemented security controls.

  • FDA approval obtained: The optimized governance and security strategy enabled the rapid FDA approval of the innovative CGM device and significantly accelerated the international market launch.

What is your next eHealth consulting project?

Are you facing a similar challenge and would like to talk to our experts without obligation? Then get in touch with us today.

Contact: Hajo Börste, Partner, Ventum Consulting
