Know Your Assets.

Controlling Medical Device Cybersecurity Risks for Hospitals

How well do you know your medical devices? Most healthcare delivery organizations (HDOs) know that medical devices pose cybersecurity risks to patients and care, but attempt to sweep the problem under the rug, leading to unsustainable, uncontrolled, unnecessary risk.

Effectively controlling medical device cybersecurity risk means knowing:

  • What are our devices?
  • What vulnerabilities do our devices have?
  • Are we applying appropriate controls?
  • How will we know when a device needs attention?
  • What should we be doing right now, at this moment?
  • Are we making progress toward our goals?

Run Lean, Get Strong

BlueFlow inventory screenshot

BlueFlow is the foundation of a strong medical device cybersecurity program. We don't waste your time with false assurance and outrageous costs. We help you understand and reduce your cybersecurity risks sustainably, transparently, and affordably.

Build Security In with BlueFlow™

BlueFlow asset screenshot

Cybersecurity assurance done right.

BlueFlow is a software suite that helps HTM, clinical engineering, and IT teams streamline inventory, identification, risk assessment, patching, and threat monitoring of medical device assets at healthcare facilities of any size.

  • Simple, automated risk assessment on your terms
  • Detailed reporting on risk, controls, patching, and more
  • Threat feed that highlights your assets
  • Cross-team sharing for clinical & IT teams
  • Full context and history of risk for every asset
BlueFlow Pulse screenshot

Leverage your existing investments, including your team. BlueFlow seamlessly integrates with:

  • CMMS & work order systems
  • Vulnerability scanners
  • SIEMs and log aggregators
  • Netflow aggregators
  • ... and the best open-source tools (including ours) to help you understand what your assets are, what they're doing, and what you can do to make sure they're up to date.

We're All About Healthcare

Our founders pioneered the field of medical device security with the world's first published medical device hack and defenses and have led the conversation ever since. We have advised healthcare delivery organizations, regulators, major medical device manufacturers, standards bodies, and researchers since 2008.
Ben Ransford, Ph.D.
“We started Virta Labs because we were tired of security vendors treating HDOs like second-class citizens without solving the real problems that made their jobs so challenging. It may sound simple, but our main selling point is that we listen.
— Ben Ransford, Ph.D., Co-Founder & CEO
Kevin Fu, Ph.D.
“Admiring the problem won't make it go away. We stake our reputation on our ability to design real solutions that actually make people better at their jobs.
— Kevin Fu, Ph.D., Co-Founder & Chief Scientist

Highlighted Publications

Community Building

Open Source

Tapirx (taper ecks) logo

In use at health systems and labs worldwide.

Read More Download Now

Contact us for commercial support.
Tapirx is free, open-source software for fully passive medical device discovery & identification. It integrates with BlueFlow or operates by itself to give you full-spectrum coverage from discovery to risk assessment to lifecycle management.
  • Discover medical devices on your networks, from live or recorded traffic
  • Fill gaps in your inventory with make, model, and ePHI tagging (integrated with BlueFlow)
  • Deploy discovery & identification wherever you want, in minutes, without paying a dime
  • Integrate with asset-management and security tools
  • Avoid vendor lock-in and expensive mystery boxes; run on your own infrastructure

Artist's rendition of Chief Scientist Kevin Fu's keynote at AAMI 2017. Courtesy of AAMI.


January 2019 We're sponsoring the Medical Device Security 101 conference in Orlando again this year. Ask about open source and meet our customers!
October 2018 We've combined forces with Coalfire to offer full-service consulting with BlueFlow. See our partners page for details!
October 2018 We were selected as a Technology Collaborator for the NIST NCCoE Securing PACS project!
February 2018 New free white paper for HDOs on Medical device security return on investment (ROI).
May 2017 New peer-reviewed publication: Cybersecurity and medical devices: A Practical guide for cardiac electrophysiologists
See our blog for more updates.

Get Updates

Stay current with BlueFlow™ discounts, new products, service offerings, education & training opportunities, and news from the world of medical device security.

Sine wave Virta Labs logo
© 2019 Virta Labs