Harbor Labs collaborated with a manufacturer of a mobile cardiac telemetry platform to support the design, implementation, and validation of security features across their connected ecosystem. The system included a wearable ECG patch, mobile and desktop applications, a clinician-facing web portal, and a cloud-based backend infrastructure. Over the course of more than a year, Harbor Labs personnel were integrated with the client’s development teams, participating in architecture reviews, security planning, and ongoing technical consultation.

Harbor Labs’ involvement began at the requirements phase, where senior staff co-authored cybersecurity specifications to ensure alignment with standards. As development progressed, Harbor Labs guided the implementation of a Key Management System and an end-to-end encryption strategy for protecting ECG data across all layers of the system.

Harbor Labs provided continuous security support throughout the development lifecycle. This included reviewing design iterations, assessing architectural updates, and helping the client maintain secure-by-design principles as system complexity evolved.

As part of cybersecurity threat assessment, Harbor Labs produced regulatory-grade documentation covering asset identification, communication flow mapping, STRIDE-based threat modeling, and the development of system-level architecture views — including multi-patient harm analysis, updability/patchability view, and security use case scenarios. These materials directly supported regulatory submissions and internal reviews.

Harbor Labs then led a multi-phase penetration testing campaign that covered all critical surfaces of the product: the embedded firmware on the wearable device, mobile and web applications, backend cloud services, and the clinician desktop software used for ECG review and reporting.

Today, Harbor Labs continues to support the client with formal Verification & Validation (V&V) testing – closing the loop between early risk identification and post-development assurance. This long-term engagement exemplifies how Harbor Labs works with its partner device manufacturers to embed cybersecurity throughout the product development lifecycle.