TeskaLabs helps LINET with cyber security compliance for medical devices
LINET is a major European manufacturer of hospital and nursing beds. The company´s portfolio includes solutions designed for intensive care, products for regular in-bed treatment, and also special beds for retirement homes and long-term care facilities.
It is important to say that modern hospital beds contain various sensors and that they are equipped with sophisticated software, which controls the bed and communicates with the hospital information system. If you look carefully, you will find a computer in every bed unit. However, modernisation in the field of hospital beds can be a twofold sword, if the producer would not take proper care of cyber-security. This is the reason why major governmental bodies create strict cyber-security standards and regulations.
In order for LINET's products to be sold, and then operated by customers, they must meet the requirements of cyber security and data protection legislation. Furthermore, an exceptionally secure implementation of cyber security and data protection is imperative in order to protect confidential patient data, and to eliminate security vulnerabilities in the storage of hospital data across the board.
TeskaLabs guided LINET through this comprehensive process, by revising the requirements for cyber security and data protection, determining the minimum and optimum to meet the requirements, and designing the cyber security architecture.
Yet, it is critical to note that cyber security architecture design is just the beginning. TeskaLabs is now in the middle of discussions about entering further cooperation with LINET, assisting to secure the product itself using TeskaLabs' product SeaCat PKI.
A common element in secure environments, central PKIs, such as SeaCat PKI, are the most requested by cyber security standards. Central PKI provides identity management, thus forming a so-called trust domain. It is a cornerstone for strong identity in all relevant components.
SeaCat PKI ensures that the connected devices have a so-called strong identity. Thus, it guards in real-time whether the device has the right to communicate with the server and/or other components, and its identity cannot be questioned. It is based on the principle of zero trust policy—a continual verification of the identity/right to communicate with the server and/or other components.
Moreover, SeaCat PKI automates management of certificates through their entire life cycle. Automated certificate management saves a significant amount of administrative work, and with that it ensures stronger security by reducing the instances of human error. SeaCat PKI:
- Automatically issues certificates during the enrolment process
- Automatically controls the validity of the certificate
- Automatically renews the certificates (strong Identity Certificates are issued for a limited period of six months and are regularly and automatically renewed)
- Enables remote revocation of the certificate (If necessary, specific Identities can be revoked from the trusted domain, e.g. when a bed or an integration module is stolen. The other components will not consider the revoked component as trusted and will not communicate with it).
For more information about TeskaLabs services, please contact us at: firstname.lastname@example.org
For more information about SeaCat PKI, please visit: https://teskalabs.com/products/seacat-pki
For more information about Security Architecture & Compliance, please visit: https://teskalabs.com/services/security-architecture
Most Recent Articles
- From State Machine to Stateless Microservice
- Entangled ways of product development in the area of cybersecurity #3 - LogMan.io
- Entangled ways of product development in the area of cybersecurity #2 - BitSwan
- Entangled ways of product development in the area of cybersecurity #1 - Asynchronous or parallel?
- State machine miracle
You Might Be Interested in Reading These Articles
Cellphone instead of a filing cabinet. Until quite recently, doctors at the IKEM hospital in Prague needed to perform photo documentation by first taking pictures with a digital camera, and then downloading and/or uploading them via a computer network to patient cards. A solution to this tedious and time-consuming practice was made possible through the use of mobile scanning technology.
Published on December 10, 2019
Pseudonymization is a critical part of GDPR compliance although there are no explicit GDPR pseudonymization requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures.
Published on July 15, 2018
TeskaLabs and University hospital in Pilsen launches a pilot of zScanner - open source mobile app for medical photo documentation
zScanner is a mobile application for clinical and medical photo documentation. zScanner enables doctors and nurses to take photos of patient medical records, and of injuries of the patients, and upload them to a hospital information system. zScanner is an application created by the Institute of Clinical and Experimental Medicine in Prague (IKEM), a major Czech hospital, and the largest center of clinical and experimental medicine in the Czech Republic. During the pilot in the University hospital in Pilsen, zScanner is used at a Clinic of Oncology and Radiotherapy, and at the Clinic of anesthesiology, resuscitation and intensive medicine.
Published on September 17, 2020