Accuray Product Cybersecurity
Accuray is Dedicated to Cybersecurity
Cybersecurity is a comprehensive and ongoing lifecycle process that is of the utmost importance and priority for Accuray.
Accuray is dedicated to ensuring the safety and security of our products so that you can confidently deliver the best possible care to patients. Our products employ a multi-modal approach to security that includes People, Process and Technology to address the ever-increasing risk of cyber threats. To that end, we have created a Security Advisory archive to keep you informed of cyber-security risks and the actions being taken by Accuray.
Our commitment to this full cybersecurity lifecycle process ensures that our customers can trust us, and that we remain resilient against evolving threats.
Accuray also encourages customers and other interested parties to report Accuray security concerns to their respective Technical Support Representative, or via: https://www.accuray.com/contact-us.
To view all vulnerability disclosures please click here. If you are not an Accuray Exchange member and are an Accuray System user, join now.
From inception and implementation, to maintenance, we prioritize security at every stage of our process. Our approach begins with administrative controls such as policies and procedures, followed by robust design and assessment, and continuous monitoring to identify vulnerabilities. We apply security patches and updates, conduct routine penetration testing, and offer regular training to foster a security-conscious culture. Our incident response plan is designed to address any security breaches or incidents and integrate with cross-functional teams for timely support. Our process continues to be updated and improved through the change control process.
Software-based firewall deployed in Windows device sets security rules on device’s inbound and outbound communications.
The Accuray Firewall by default blocks all inbound and outbound communications. Only approved communications via Access Control Lists (ACLs) are allowed to traverse from Accuray to Hospital network and vice versa. Accuray-provided and managed firewall device provides a single exit and entrance point between the hospital network and the Accuray private LAN.
The iDMS employs a built-in role-based authentication system to grant or deny access to certain features and functions based on user role.
Each user is assigned a login account and password. Each login account is associated with a role or profile that defines what the user can do. Customer administrator can manage accounts, make changes to the user profiles and set policies to meet their security requirements.
User activities are audit-trailed at application, OS and firewall levels.
Application whitelisting tool is deployed on all Windows-based machines to protect against and prevent unknown executables, scripts, and batch files from running.
Data is backed up every 2 hours and disaster recovery option is provided for critical devices.
Data is backed up every 2 hours and disaster recovery option is provided for critical devices.
Data at Rest – Microsoft BitLocker technology using Advanced Encryption Standard (AES) with a key length of 256 bits to protect the contents of hard drives that contain PHI data at rest.
Data in Transit – Data communication with PHI data is encrypted using TLS 1.2 encryption.
Software-based firewall deployed in Windows device sets security rules on device’s inbound and outbound communications.
The Accuray Firewall by default blocks all inbound and outbound communications. Only approved communications via Access Control Lists (ACLs) are allowed to traverse from Accuray to Hospital network and vice versa. Accuray-provided and managed firewall device provides a single exit and entrance point between the hospital network and the Accuray private LAN
The iDMS employs a built-in role-based authentication system to grant or deny access to certain features and functions based on user role.
Each user is assigned a login account and password. Each login account is associated with a role or profile that defines what the user can do. Customer administrator can manage accounts, make changes to the user profiles and set policies to meet their security requirements.
User activities are audit-trailed at application, OS and firewall levels.
Application whitelisting tool is deployed on all Windows-based machines to protect against and prevent unknown executables, scripts, and batch files from running.
Data is backed up every 2 hours and disaster recovery option is provided for critical devices.
Data is backed up every 2 hours and disaster recovery option is provided for critical devices.
Data at Rest – Microsoft BitLocker technology using Advanced Encryption Standard (AES) with a key length of 256 bits to protect the contents of hard drives that contain PHI data at rest.
Data in Transit – Data communication with PHI data is encrypted using TLS 1.2 encryption.
Software-based firewall deployed in Windows device sets security rules on device’s inbound and outbound communications.
The Accuray Firewall by default blocks all inbound and outbound communications. Only approved communications via Access Control Lists (ACLs) are allowed to traverse from Accuray to Hospital network and vice versa. Accuray-provided and managed firewall device provides a single exit and entrance point between the hospital network and the Accuray private LAN
The iDMS employs a built-in role-based authentication system to grant or deny access to certain features and functions based on user role.
Each user is assigned a login account and password. Each login account is associated with a role or profile that defines what the user can do. Customer administrator can manage accounts, make changes to the user profiles and set policies to meet their security requirements.
User activities are audit-trailed at application, OS and firewall levels.
Application whitelisting tool is deployed on all Windows-based machines to protect against and prevent unknown executables, scripts, and batch files from running.
Data is backed up every 2 hours and disaster recovery option is provided for critical devices.
Data is backed up every 2 hours and disaster recovery option is provided for critical devices.
Data at Rest – Microsoft BitLocker technology using Advanced Encryption Standard (AES) with a key length of 256 bits to protect the contents of hard drives that contain PHI data at rest.
Data in Transit – Data communication with PHI data is encrypted using TLS 1.2 encryption.
Coordinated Vulnerability Disclosure Process
Cybersecurity Policy Statement
At Accuray, we are committed to ensuring the security and integrity of our products. Our Coordinated Vulnerability Disclosure (CVD) process is designed to facilitate the responsible reporting and handling of security vulnerabilities. This process ensures timely and effective communication with all stakeholders, including customers, regulatory bodies, and security researchers.
Vulnerability Report In-Take
We encourage security researchers and other stakeholders to report any vulnerabilities they discover in our products. To ensure a thorough investigation, please provide as much information as possible. The following details are encouraged:
- Full name and contact information (email address) of the finder and/or reporter
- Name and version of the affected product(s)
- Technical description of the vulnerability, including actions performed and results
- Associated Common Weakness Enumeration (CWE), if applicable
- Steps to reproduce the vulnerability or exploitation steps
Upon receiving a vulnerability report, we will acknowledge receipt and may request additional information if necessary. We will then evaluate the reported vulnerability to determine its validity and potential impact.
Please email your vulnerability report to [email protected].
Have questions or concerns?
To ask questions or raise a concern about company activities and business, contact Accuray here.
