TeskaLabs helps LINET with cyber security compliance for medical devices
LINET is a major European manufacturer of hospital and nursing beds. The company´s portfolio includes solutions designed for intensive care, products for regular in-bed treatment, and also special beds for retirement homes and long-term care facilities.
It is important to say that modern hospital beds contain various sensors and that they are equipped with sophisticated software, which controls the bed and communicates with the hospital information system. If you look carefully, you will find a computer in every bed unit. However, modernisation in the field of hospital beds can be a twofold sword, if the producer would not take proper care of cyber-security. This is the reason why major governmental bodies create strict cyber-security standards and regulations.
In order for LINET's products to be sold, and then operated by customers, they must meet the requirements of cyber security and data protection legislation. Furthermore, an exceptionally secure implementation of cyber security and data protection is imperative in order to protect confidential patient data, and to eliminate security vulnerabilities in the storage of hospital data across the board.
TeskaLabs guided LINET through this comprehensive process, by revising the requirements for cyber security and data protection, determining the minimum and optimum to meet the requirements, and designing the cyber security architecture.
Yet, it is critical to note that cyber security architecture design is just the beginning. TeskaLabs is now in the middle of discussions about entering further cooperation with LINET, assisting to secure the product itself using TeskaLabs' product SeaCat PKI.
A common element in secure environments, central PKIs, such as SeaCat PKI, are the most requested by cyber security standards. Central PKI provides identity management, thus forming a so-called trust domain. It is a cornerstone for strong identity in all relevant components.
SeaCat PKI ensures that the connected devices have a so-called strong identity. Thus, it guards in real-time whether the device has the right to communicate with the server and/or other components, and its identity cannot be questioned. It is based on the principle of zero trust policy—a continual verification of the identity/right to communicate with the server and/or other components.
Moreover, SeaCat PKI automates management of certificates through their entire life cycle. Automated certificate management saves a significant amount of administrative work, and with that it ensures stronger security by reducing the instances of human error. SeaCat PKI:
- Automatically issues certificates during the enrolment process
- Automatically controls the validity of the certificate
- Automatically renews the certificates (strong Identity Certificates are issued for a limited period of six months and are regularly and automatically renewed)
- Enables remote revocation of the certificate (If necessary, specific Identities can be revoked from the trusted domain, e.g. when a bed or an integration module is stolen. The other components will not consider the revoked component as trusted and will not communicate with it).
For more information about TeskaLabs services, please contact us at: firstname.lastname@example.org
For more information about SeaCat PKI, please visit: https://teskalabs.com/products/seacat-pki
For more information about Security Architecture & Compliance, please visit: https://teskalabs.com/services/security-architecture
Most Recent Articles
You Might Be Interested in Reading These Articles
Artificial Intelligence (AI) and its essential component machine learning are causing a stir in practically every industry from marketing to education. It’s no wonder designers and tech developers are finding ways to use the benefits of automated technologies to improve cybersecurity infrastructure and defend against increasingly complex and numerous cyber threats.
Published on June 24, 2020
Homomorphic encryption is a special type of encryption invented by IBM. Encryption is a critical part of GDPR compliance although there are no explicit GDPR encryption requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures.
Published on June 14, 2018
Pseudonymization is a critical part of GDPR compliance although there are no explicit GDPR pseudonymization requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures.
Published on July 15, 2018