Know Your Assets.

Uncertainty is Unsustainable

How well do you know your medical devices? Most healthcare delivery organizations know that medical devices pose cybersecurity risks to patients and care, but attempt to sweep the problem under the rug, leading to unsustainable, uncontrolled, unnecessary risk.

Effectively controlling medical device cybersecurity risk means knowing:

  • What are our devices?
  • What vulnerabilities do our devices have?
  • Are we applying appropriate mitigating controls?
  • How will we know when a device needs attention?
  • What should we be doing right now, at this moment?
  • Are we making progress toward our goals?

Build Security In with BlueFlow™

BlueFlow asset screenshot

Cybersecurity assurance done right.

BlueFlow is a software suite that helps HTM, clinical engineering, and IT teams streamline inventory, identification, risk assessment, patching, and threat monitoring of medical device assets at healthcare facilities of any size.

  • Simple, automated risk assessment on your terms
  • Detailed reporting on risk, controls, patching, and more
  • Threat feed that highlights your assets
  • Cross-team sharing for clinical & IT teams
  • Full context and history of risk for every asset

Leverage your existing investments, including your team. BlueFlow seamlessly integrates with:

  • CMMS & work order systems
  • Vulnerability scanners
  • SIEMs and log aggregators
  • Netflow aggregators
  • ... and the best open-source tools (including ours) to help you understand what your assets are, what they're doing, and what you can do to make sure they're up to date.
BlueFlow inventory screenshot

We're All About Healthcare

“We started Virta Labs because we were tired of security vendors treating healthcare customers like second-class citizens without solving the real problems that made their jobs so challenging. It may sound simple, but our main selling point is that we listen.
— Ben Ransford, Ph.D., Co-Founder & CEO
“Admiring the problem won't make it go away. We stake our reputation on our ability to design real solutions that actually make people better at their jobs.
— Kevin Fu, Ph.D., Co-Founder & Chief Scientist

Open Source

Tapirx (taper ecks) logo

Read More Download Now

Contact us for commercial support.
Tapirx is free, open-source software for passive medical device discovery & identification. It integrates with BlueFlow to give you full-spectrum coverage from discovery to risk assessment to lifecycle management.
  • Discover medical devices on your networks, from live or recorded traffic
  • Fill gaps in your inventory with make, model, and ePHI tagging (integrated with BlueFlow)
  • Deploy discovery & identification wherever you want, without paying a dime
  • Integrate with asset-management or security tools
  • Avoid vendor lock-in and expensive mystery boxes; run on your own infrastructure

Artist's rendition of Chief Scientist Kevin Fu's keynote at AAMI 2017. Courtesy of AAMI.


January 2019 We're sponsoring the Medical Device Security 101 conference in Orlando again this year. Ask about open source and meet our customers!
October 2018 We've combined forces with Coalfire to offer full-service consulting with BlueFlow. See our partners page for details!
October 2018 We were selected as a Technology Collaborator for the NIST NCCoE Securing PACS project!
February 2018 New free white paper for HDOs on Medical device security return on investment (ROI).
May 2017 New peer-reviewed publication: Cybersecurity and medical devices: A Practical guide for cardiac electrophysiologists
See our blog for more updates.

Get Updates

Stay current with BlueFlow™ discounts, new products, service offerings, education & training opportunities, and news from the world of medical device security.

Sine wave Virta Labs logo
© 2018 Virta Labs