TeskaLabs helps LINET with cyber security compliance for medical devices

LINET is a major European manufacturer of hospital and nursing beds. The company´s portfolio includes solutions designed for intensive care, products for regular in-bed treatment, and also special beds for retirement homes and long-term care facilities.

It is important to say that modern hospital beds contain various sensors and that they are equipped with sophisticated software, which controls the bed and communicates with the hospital information system. If you look carefully, you will find a computer in every bed unit. However, modernisation in the field of hospital beds can be a twofold sword, if the producer would not take proper care of cyber-security. This is the reason why major governmental bodies create strict cyber-security standards and regulations.

In order for LINET's products to be sold, and then operated by customers, they must meet the requirements of cyber security and data protection legislation. Furthermore, an exceptionally secure implementation of cyber security and data protection is imperative in order to protect confidential patient data, and to eliminate security vulnerabilities in the storage of hospital data across the board.

TeskaLabs guided LINET through this comprehensive process, by revising the requirements for cyber security and data protection, determining the minimum and optimum to meet the requirements, and designing the cyber security architecture.

Yet, it is critical to note that cyber security architecture design is just the beginning. TeskaLabs is now in the middle of discussions about entering further cooperation with LINET, assisting to secure the product itself using TeskaLabs' product SeaCat PKI.

A common element in secure environments, central PKIs, such as SeaCat PKI, are the most requested by cyber security standards. Central PKI provides identity management, thus forming a so-called trust domain. It is a cornerstone for strong identity in all relevant components. 

SeaCat PKI ensures that the connected devices have a so-called strong identity. Thus, it guards in real-time whether the device has the right to communicate with the server and/or other components, and its identity cannot be questioned. It is based on the principle of zero trust policy—a continual verification of the identity/right to communicate with the server and/or other components.   

Moreover, SeaCat PKI automates management of certificates through their entire life cycle. Automated certificate management saves a significant amount of administrative work, and with that it ensures stronger security by reducing the instances of human error. SeaCat PKI:

  • Automatically issues certificates during the enrolment process
  • Automatically controls the validity of the certificate 
  • Automatically renews the certificates (strong Identity Certificates are issued for a limited period of six months and are regularly and automatically renewed) 
  • Enables remote revocation of the certificate (If necessary, specific Identities can be revoked from the trusted domain, e.g. when a bed or an integration module is stolen. The other components will not consider the revoked component as trusted and will not communicate with it). 

For more information about TeskaLabs services, please contact us at:
For more information about SeaCat PKI, please visit:
For more information about Security Architecture & Compliance, please visit:

You Might Be Interested in Reading These Articles

Pseudonymization, Anonymization, Encryption ... what is the difference?

The year 2018 will, at least in Europe, be a turning point for data privacy and personal information protection. In this article, I will focus on personal data processing. I describe methods of de-identification of personal data, such as pseudonymization, anonymization, and encryption.

Continue reading ...

gdpr data-privacy

Published on November 28, 2017

Personal Data Deindetification: Data Encryption

Data encryption is a critical part of GDPR compliance although there are no explicit GDPR encryption requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures.

Continue reading ...

gdpr data-privacy

Published on May 16, 2018

Personal Data Deindetification: Anonymization

If you manage private data of any kind, you need to be familiar with the process of anonymization and how it can be used to keep the information you store safe from data breaches.

Continue reading ...

gdpr data-privacy

Published on April 16, 2018