Cybersecurity Labelling - YO Home Sperm Test (YO3)
Medical Electronic Systems (MES) uses industry-standard guidance and high-level security controls to protect the YO Home Sperm Test (YO3), which includes the YO device, the YO app and the YO-generated data resident in the cloud.
User Interface and a Connection Port
YO3 is intended to be operated by lay users in a home-use environment. The device includes a USB port that is exclusively used to connect power to the YO device with no data transmission capabilities. This port receives power from an external source, such as a USB wall adapter or computer USB port. Any attempt to transfer data via this port is blocked.
Software Bill of Materials (SBOM)
The Software Bill of Materials for the YO Home Sperm Test software is continuously maintained and reviewed by MES. The latest version of the SBOM is available in a machine-readable format on request by contacting YO Support: https://yospermtest.com/support/ or by request through SUPPORT in the YO app.
Supporting infrastructure requirements
YO3 communicates securely with the user’s smartphone via local Wi-Fi in compliance with:
Network Requirements and Guidelines:
1. Minimum Networking Requirements:
- YO3 requires the Wi-Fi network to operate as intended and to communicate securely with the user's smartphone.
- YO3 supports DHCP to automatically assign an IP address; a static IP is not required.
2. Encryption Interfaces:
- Wi-Fi: YO3 uses WPA2/WPA3 for data encryption between the YO app and the cloud.
- App-Level: End-to-end encryption (e.g., TLS) is used to securely transmit data between the YO app and the cloud secured database.
3. Guidelines and Warnings:
- Wi-Fi Configuration: Uses WPA2 or WPA3 encryption and warns to avoid public Wi-Fi networks.
- Smartphone Security: “Ensure your smartphone's OS is updated and use a password for data protection” (See “User Responsibility” section for further instructions).
- App Permissions: Only requires necessary permissions to reduce security risks.
Software Updates
When a newly released YO app version is uploaded by MES directly to the App Store/Google Play, an in-app notification informs the user that it is available to download from the application store. The user can then download the new app directly from the application store for their Smartphone.
User Responsibility
When using the YO application, follow standard mobile security practices: password-protect the Smartphone, maintain an up-to-date operating system by updating the phone, install anti-malware software, and avoid connecting to public Wi-Fi networks when using the YO app. These measures help ensure the security of personal data while using YO3.
The following guidelines are recommended by MES:
- Operate the YO App in a private environment.
- Keep the YO device in a secure location on their Smartphone to prevent physical tampering.
- Carefully read the entire Instruction for Use (IFU) included in the YO KIT prior to use to ensure optimal results.
- Follow the recommendation to ensure medical confidentiality by password protecting the Smartphone used for YO testing.
- Select a YO app login password that meets these minimum requirements:
  - 8-30 characters.
  - Use both upper and lowercase letters.
  - Must contain no more than three of the same character in a row.
- Do not share YO app log-in details or password with others.
- Do not leave the phone unlocked.
- Use a stable USB power source to prevent potential power surges.
- The USB port of the YO device is intended to ONLY connect the YO device to power. Do not connect any USB devices such as a mouse or keyboard to the USB port of the YO device.
All the instructions described above are intended to ensure that unauthorized people do not gain access to, and are not exposed to, protected health information.
Reporting Device Security or Privacy Breaches
If the YO app or YO device is impacted by a cyber security issue that could directly impact health and safety, or if there is a privacy or security breach, the user should report this to MES Support at: https://yospermtest.com/support/ or submit a report using the SUPPORT section in the YO app.
In addition, if a security issue is detected by MES, the user may be required to update the password to the YO app and/or re-install a new software version that includes a security patch. An in-app notification, pop-up or email will advise of a security event and instruct the user to perform the required corrective action. Depending on the nature of the security event (e.g. operating system dependent, specific to phone type), the notification may be sent only to the impacted users.
Backup and restore, retention and recovery procedures
The default settings of the YO app, along with related authentication configurations, can be restored or backed up by the YO user using the Back-up and Restore feature. This feature is only accessible to the authorized user and requires identification (Username and Password).
End of support and end of life for YO device and YO app components
While no specific end-of-support date is currently planned for the YO Home Sperm Test and its associated mobile application, MES will provide advance notice via push notifications through the YO app when/if these events occur. After the end of support, users will be responsible for ensuring the security of their devices and understanding the increased risks. This includes potential vulnerabilities that may occur due to security updates and patches no longer being available. In such cases, MES strongly recommends transitioning to a supported solution to maintain the security and functionality of the app on the Smartphone.
Decommissioning and sanitizing the product of sensitive, confidential, and proprietary data and software
The YO Home Sperm Test device does not store any sensitive, confidential, or proprietary data. Additionally, during the uninstall process, the YO mobile application automatically removes all user data. Therefore, no special sanitization procedures are required when decommissioning the device or app.
High-level description of the YO device features that protect critical functions of the YO device and the YO app:
- The YO device has only one USB port. The YO USB port is used only to power the YO device and cannot be used for data transfer.
- Other equipment (such as keyboard, mouse) should not be connected to YO.
- There is no personal data or identifying information stored on the YO device.
- Communication between the YO app and the cloud is done via a secured HTTPS communication protocol.
- The YO app includes a backup and restore feature available to the user in the event data needs to be restored. The backup is accessible only to the authorized user and requires username and password identification.
- No data or private information is stored on the device; all data is stored in a secured cloud database accessible only to the user through the YO app.