How Richard Wolf Strengthened Medical Device Cybersecurity Using ONEKEY

Richard Wolf Overview

Richard Wolf is a globally recognized medical technology manufacturer specializing in high-quality endoscopic systems and advanced operating room (OR) solutions. With over 75 years of excellence, 1800 dedicated employees, and distinctions such as Digital Champion (2018), Global Market Leader (2018), and Most Desired Medical Technology Company (2020), Richard Wolf is headquartered in Knittlingen, Germany, with 18 subsidiaries and 130 distributors worldwide. Its portfolio includes complex embedded medical devices, such as surgical and endoscopic instruments, as well as integrated OR solutions. It also offers standalone hospital software, including workflow management applications and device control interfaces. 

As a leader in the medical device industry, Richard Wolf aims to uphold the highest cybersecurity and compliance standards to protect patient safety and support safe, effective clinical use. This responsibility requires not only a robust technical solution but also a partner capable of growing with it and supporting its long-term regulatory and cybersecurity needs.

To align with evolving regulatory frameworks such as IEC 81001-5-1 and the EU MDR, Richard Wolf began evaluating how to enhance transparency within its software and support its teams amid growing cybersecurity needs. This evaluation highlighted several challenges that needed to be addressed to maintain the company’s high standards for safety and compliance.

‍

The Challenge: Meeting Compliance and Product Security Expectations in Healthcare 

As regulatory expectations and product complexity grew, Richard Wolf also encountered challenges that required a more scalable and transparent approach. These challenges arose from the increasing sophistication of embedded software and the strict compliance requirements surrounding it, making manual processes for cybersecurity and vulnerability management no longer sufficient. 

‍

Key Challenges Identified:

• Increasing international compliance requirements, particularly IEC 81001-5-1 for EU MDR submissions
• Limited visibility into embedded components used in medical devices and supporting software
• Significant effort to create and maintain accurate SBOMs with reliable component-level details
• Difficulty in efficiently identifying vulnerabilities that were specifically relevant to its product builds
• Need for credible, high-quality security documentation to respond to audits and regulatory discussions
• Product managers receiving more questions about product cybersecurity from customers and partners, requiring clear, professional reports they could share externally

These challenges made it essential for Richard Wolf to adopt a cybersecurity platform that could handle the complexity of its modern Linux-based medical devices and provide reliable insights across the development and post-market phases.

‍

The Solution: A Modern Approach to SBOM, Vulnerability, and Compliance Management with ONEKEY

Richard Wolf adopted the ONEKEY platform to streamline SBOM creation, vulnerability analysis, and compliance readiness across its various product lifecycles. It introduced ONEKEY through both standalone workflows and API-enabled processes that automate key steps.

‍

How ONEKEY Fits into Richard Wolf’s Workflow

ONEKEY is now used at several stages of the development lifecycle:

• Early Development: Identifying critical components, ensuring software bill of materials (SBOM) accuracy, and validating build integrity.‍
• In Development: Continuous analysis of embedded software, including firmware used in endoscopic systems, visualization units, and OR integration platforms.‍
• Post-Release: Monitoring product builds to detect changes in components or vulnerabilities and prepare updated cybersecurity reports.‍
• Third-Party Software Assessment: Evaluating external software packages used in device ecosystems or hospital IT integrations.

‍

Key Capabilities Utilized

• Validated SBOM creation
• Comprehensive vulnerability detection and automated impact assessment
• Continuous product monitoring for component or vulnerability changes
• Structured reports for regulatory and customer communication

These capabilities enabled Richard Wolf to establish a repeatable, trusted cybersecurity workflow.

‍

Richard Wolf: Benefits of Using ONEKEY

• Faster SBOM Creation and Better Transparency: ONEKEY allows Richard Wolf to generate fully validated SBOMs within minutes. This significantly accelerates early-phase development and improves visibility into the software composition of its embedded medical devices.‍
• Efficient and Accurate Vulnerability Triage: The automated impact assessment helps teams identify which vulnerabilities are truly present in their products. This reduces noise, saves time, and ensures focus on issues that matter.‍
• Stronger Regulatory Readiness: ONEKEY provides credible, high-quality documentation that supports conversations with notified bodies, test houses, and internal stakeholders. Product managers now use these reports to answer frequent cybersecurity questions they receive from customers and partners.‍
• Scalable Cybersecurity Processes for Modern Devices: The platform supports Richard Wolf’s Linux-based devices and enables the analysis of complex embedded systems, a previously time-consuming challenge.

Why Richard Wolf chose ONEKEY

Richard Wolf chose ONEKEY because the platform delivered the technical depth, clarity, and reliability required to secure complex medical devices while supporting long-term cybersecurity maturity. It recognized that ONEKEY provided not only advanced cybersecurity capabilities but also a trustworthy partner it could rely on as its regulatory and product security responsibilities continue to grow.

‍

Key Reasons Richard Wolf Selected ONEKEY:

• Fast, accurate, and validated SBOM generation
• High-value automated vulnerability impact assessment
• Clear and professional security reports that can be shared with internal and external stakeholders
• A trustworthy partner with strong and responsive support
• Confidence that ONEKEY could scale with its evolving cybersecurity needs

To highlight the practical value ONEKEY delivers across daily workflows, Richard Wolf’s team shared several remarks during the interview that reflect both their experience with the platform and the trust built throughout the collaborations:

• “We obtained an SBOM within minutes - that’s great to have as a starter.” “It speeds things up and works nicely.”
• “It’s more partnership than just the product.”
• “Our expectations were met - especially seeing insights we never knew before.”
• “Given the value and the support, it’s a good value for money.”

These statements reflect how ONEKEY supports Richard Wolf’s operational needs while also strengthening confidence in its cybersecurity processes and long-term compliance strategy.

‍

“As a medical device manufacturer, we use the ONEKEY platform to systematically manage and monitor all cybersecurity aspects of our software-enabled medical devices. The platform is essential for meeting international cybersecurity and regulatory requirements, enabling us to address global market-access obligations efficiently. By supporting vulnerability management, compliance, and transparent documentation, ONEKEY allows us to enter international markets more quickly and maintain a strong, reliable security posture throughout the entire product lifecycle.”

Volker Rebske
‍Head of Software Medical Devices
‍Fabian Nowak
Cybersecurity Architect Medical Devices

‍

Conclusion

Through ONEKEY, Richard Wolf has established a scalable and reliable cybersecurity workflow that strengthens product security, accelerates regulatory readiness, and supports internal collaboration. The ONEKEY platform helps the company meet the growing expectations for medical device cybersecurity and gives teams the confidence and clarity they need to deliver safe, effective, and compliant products. With ONEKEY as its trusted cybersecurity partner, Richard Wolf is well prepared to navigate future regulatory developments and maintain its leadership in secure medical technology.