产品安全性

To request the Baxter document（s）listed below，click and submit your request along with your business contact information（i.e.Your Name，Role，Company，Address，Phone Number）or contact your Baxter service representative。

Email request for ExactaMix Cybersecurity Guide

产品安全性Questions

客户with a specific question about any Baxter product can reach out to已保护or contact their Baxter service representative。

全球专用策略

Baxter has established a全球专用策略to reflect the foregoing principles which are a key part of Baxter company culture and operations。

Baxter’s Coordinated Vulnerability Disclosure Process

Baxter’s mission is to save and sustain lives.Fundamental to our mission and strategy，we are committed to designing，manufacturing，and maintaining safe and secure medical devices.We also know that cybersecurity threats and vulnerabilities change rapidly.Therefore， we are committed to working with the security researcher community to verify and respond to legitimate vulnerabilities and ask researchers to participate in our responsible reporting process outlined below。

Scope

Baxter created this coordinated disclosure process for security researchers to report port potential vulnerabilities related to Baxter’s commercially available products.It is not meant for technical support information on Baxter products or for reporting Adverse Events or Product Quality Complaint.s。应用程序输出通道：https://www.baxter.com/contact-and-support/contact.page。

How to submit

If you have discovered a potential vulnerability related to a Baxter product，we ask you to contact us in English at已保护.Please encrypt your email using ourGPG（GnuPG）public key。

Please include the following information：

Contact information so we can get in touch with you.（name，organization，email address and phone number）。
为什嚒你要做的事情
瓦伦和where the vulnerability was discovered
技术开发与管理
Name，version，and configuration details of the affected product
专用impact and how you envision this vulnerability could be used in attack
信息about the tools and techniques you used to discover this vulnerability
不合格或不合格code
不可分割的，不可分割的，不可分割的
Prior or intended disclosure of vulnerability information to other parties（e.g.regulators，vulnerability coordinators，ventors）

Please do not include any personal information，such as sensitive/health information

瓦特Baxter will do

We will acknowledge receipt of the report within7days。
We will escalate the report to appropriate team to verify and reproduce the reported vulnerability.You may be contacted during this time to support our verification efforts。
We will evaluate the reported vulnerability and conduct a risk analysis to determine appropriate action to take。
If Baxter determines the issue warrants disclosure，we will publish notification on this page，and we will report it to the appropriate external parties such as Cyber Emergency Response Teams（CERTs）and Information Sharing and Analysis Organizations（ISAOs）。

附加变形安全性检查：

Please only conduct testing in secure environments，which comply with the following:

多功能和调节
Avoiding any testing that could hurt patients，cause a privacy issue，or damage equipment
Avoiding testing on devices in use or software that is in a production environment
Avoiding actions taken to exploit any vulnerability
Avoiding action that could make changes to a product or system after the test is completed

节点：

By submitting information through this process，you agree that it will be considered non-proprietary and non-confidential，and that Baxter is allowed to use the information in any manner，in whole tions or in part，without any restriction.You also agree that submitting such information does not create anrights for anrights。

分离的Team

We have a dedicated team that is committed to and passionate about ensuring our products are safe and secure for their intended clinical use.We have developed our products with cybersecurity controls integrated into the design，using a Common Cybersecurity Control Framework for Medical Devices which takes into consideration industry-leading standards，regulations，and guidance documents.While we have focused resources on developing safe and secure products， we know that the cybersecurity threat landscape changes every.Baxter prides itself on being responsive and transparent with our customers about cybersecurity。

We are proud to have a global team of cybersecurity professionals that are dedicated to product security.Our team members are passionate about security and care about the safety of our patients.There are dedicated resources that support both the secure development of new products and the sustained mainance of wenows ybersecurity is adynamic field and we are committed to protecting our patients throughout the entire product lifecycle。

We are proud to have dedicated Business Information Security Officers（BISO）for each of our business units。The BISOs bring a wealth of experience and knowledge， to serve as atrusted advisor for our business and product leaders.This allows cybersecurity to be integrated into everything we do.There are also dedication cybersecurity engineers that support specific produring their development to work through the specific product security requirements.Labut not，ast， we have dedicated resources that conduct thorough cybersecurity risk management procedures that are consistent with our high-standard of product risk management。

Cybersecurity Design

We have proudly developed a Cybersecurity Common Controls Framework for Medical Devices（C3FMD）。Cybersecurity Common Controls Framework（C3FMD）is to provide a consistent and common cybersecurity controls framework that addresses the above security concerns for medical device design and engineering，that is based on industry standards and best practices，is comprehensive inits security coverage，and that addresses the demands of a rapidly evolving cybersecurity landscape.In the C3FMD，cybersecurity is driven first and foremost by patient health and safety concerns。

It is critical to ensure that any medical devices impacting patient health and safety are operated，deployed and managed in a safe， secure and reliable manner.This framework ensure that our products are developed consistently with cybersecurity capabilities built into the medical device.C3FMD covers the following key categories of controls:authentication，authorization，access controls audit， and cryptography.This framework is a prescribed set of baseline cybersecurity controls which enhance the security posture and reduce the risk of compromise against target medical devices。

Responsive&Transparent

We are committed providing transparent information to our customers about product security.In an effort to share information，we provide a Manufacturer Disclosure Statement for Medical Device Security（MDS2），源于国家电子制造商联盟和健康信息和管理系统Society，which contains important cybersecurity design features such as:

审计控制
Authorization
数据备份和发现恢复
主检测/保护
系统和应用程序硬件
传输一致性和完整性

In addition to the information provided in the MDS2，we provide cybersecurity information inour user manuals and customer communications.For any further inquiries，customers can feel free to work with their sales or service representatives。

Partnerships

The healthcare ecosystem is increasingly complex and interconnected.Inorder to protect patients and ensure our products are safe and secure，the entire healthcare industry has to work closely together.To achieve greater security， we value the relationships and partnerships it maintains across the healthcare ecosystem.We are proud of all the thought leaders that make up our product security team.There are several organizations that we work with to gather and share cyber information，such as:

National Health Information Sharing and Analysis Center（NH-ISAC）
ICS-CERT Industrial Control Systems Cyber Emergency Response Team
Advanced Medical Technology Association（AdvaMed）
AAMI的Association for the Advancement of Medical Instrumentation
家庭安全信息网络
Medical Device Innovation、Safety和Security Consortium（MDISS）
介质设备安全信息共享成本（MDSISC）
介质设备Innovation Consortium（MDIC）

Healthcare Professionals

性能，性能

Our Story

Patients

产品安全性