A. Roche Diagnostics recognizes that an effective cybersecurity program must address the entire product lifecycle, including the design, development, production, distribution, deployment, maintenance, and disposal of a product and any associated data.
B. To that end, Roche’s cybersecurity approach is founded on five core principles:
1. Security is one of our priorities. Roche Diagnostics endeavors to incorporate security principles in its products. As we develop new products, we will continue to evaluate security by design in our product development. In doing so, Roche takes a risk-based approach that recognizes that the intended use, user environment, and other important factors impact the type and level of cybersecurity required.
2. Life-cycle approach. Roche Diagnostics monitors information about vulnerabilities, incidents and other cybersecurity threats to identify and mitigate security risks throughout the product lifecycle. In doing so, we endeavor to implement timely security updates to our products in a manner that reduces any impact to the intended use, safety, and effectiveness of our products, or availability and integrity of the associated data.
3. Shared responsibility. Roche recognizes that cybersecurity is a shared responsibility among all members of the healthcare ecosystem. With that in mind, we work closely with industry and standards organizations, customers, institutions, academicians, security researchers, vendors, regulators, and other stakeholders to stay informed about the latest standards, trends, risks, and technologies.
4. Partner controls. Roche holds its partners and vendors to the same standards to which we hold ourselves.
5. Open communications and disclosure. We encourage security researchers and others who become aware of potential vulnerabilities or incidents associated with any of our products to contact us as described in our Vulnerability and Incident Handling Disclosure statement. Where applicable, we inform customers and other impacted stakeholders of Vulnerabilities and Incidents that could impact the safety and security of our products.
Roche customers can view the latest product security updates below. Login is required to download and view the documents.
| Date | Security notification | Document |
|---|---|---|
| 11/08/17 | Security Notification Regarding WannaCrypt/WannaCry Ransomware — Molecular Products | Software Bulletin VV08900.pdf (Login required) |
| 07/24/17 | Security Notification and Recommended Actions Regarding NotPetya/exPetr Ransomware — cobas® IT 1000 software Application, cobas bge link/OMNILINK Software Application, and cobas infinity central lab | Software Bulletin 17161.pdf (Login required) |
| 07/24/17 | Security Notification Regarding WannaCrypt/WannaCry Ransomware — Serum Work Area Systems | Software Bulletin 17160.pdf (Login required) |
| 06/28/17 | Security Notification Regarding WannaCrypt/WannaCry Ransomware — Roche Point of Care (POC) IT Software Applications | Software Bulletin 17121.pdf (Login required) |
| 06/19/17 | Security Notification Regarding WannaCrypt/WannaCry Ransomware — cobas® infinity central lab | Software Bulletin 17125.pdf (Login required) |
| 06/01/17 | Security Notification Regarding WannaCrypt/WannaCry Ransomware — Tissue Diagnostics Products | Software Bulletin 17113.pdf (Login required) |