TeskaLabs helps LINET with cyber security compliance for medical devices
LINET is a major European manufacturer of hospital and nursing beds. The company´s portfolio includes solutions designed for intensive care, products for regular in-bed treatment, and also special beds for retirement homes and long-term care facilities.
It is important to say that modern hospital beds contain various sensors and that they are equipped with sophisticated software, which controls the bed and communicates with the hospital information system. If you look carefully, you will find a computer in every bed unit. However, modernisation in the field of hospital beds can be a twofold sword, if the producer would not take proper care of cyber-security. This is the reason why major governmental bodies create strict cyber-security standards and regulations.
In order for LINET's products to be sold, and then operated by customers, they must meet the requirements of cyber security and data protection legislation. Furthermore, an exceptionally secure implementation of cyber security and data protection is imperative in order to protect confidential patient data, and to eliminate security vulnerabilities in the storage of hospital data across the board.
TeskaLabs guided LINET through this comprehensive process, by revising the requirements for cyber security and data protection, determining the minimum and optimum to meet the requirements, and designing the cyber security architecture.
Yet, it is critical to note that cyber security architecture design is just the beginning. TeskaLabs is now in the middle of discussions about entering further cooperation with LINET, assisting to secure the product itself using TeskaLabs' product SeaCat PKI.
A common element in secure environments, central PKIs, such as SeaCat PKI, are the most requested by cyber security standards. Central PKI provides identity management, thus forming a so-called trust domain. It is a cornerstone for strong identity in all relevant components.
SeaCat PKI ensures that the connected devices have a so-called strong identity. Thus, it guards in real-time whether the device has the right to communicate with the server and/or other components, and its identity cannot be questioned. It is based on the principle of zero trust policy—a continual verification of the identity/right to communicate with the server and/or other components.
Moreover, SeaCat PKI automates management of certificates through their entire life cycle. Automated certificate management saves a significant amount of administrative work, and with that it ensures stronger security by reducing the instances of human error. SeaCat PKI:
- Automatically issues certificates during the enrolment process
- Automatically controls the validity of the certificate
- Automatically renews the certificates (strong Identity Certificates are issued for a limited period of six months and are regularly and automatically renewed)
- Enables remote revocation of the certificate (If necessary, specific Identities can be revoked from the trusted domain, e.g. when a bed or an integration module is stolen. The other components will not consider the revoked component as trusted and will not communicate with it).
For more information about TeskaLabs services, please contact us at: email@example.com
For more information about SeaCat PKI, please visit: https://teskalabs.com/products/seacat-pki
For more information about Security Architecture & Compliance, please visit: https://teskalabs.com/services/security-architecture
Most Recent Articles
- How big Log Management or SIEM solution does your organization need
- And the winner is...Go!
- Case Study - TeskaLabs SIEM for large Czech government organization
- TeskaLabs and University hospital in Pilsen launches a pilot of zScanner - open source mobile app for medical photo documentation
- EV Charging Station security demonstrator
You Might Be Interested in Reading These Articles
At the beginning of December 2019, the operating system of the Benešov Hospital was crippled by a malicious computer virus to such an extent that no device could be started and doctors had to cancel all planned operations.
Published on February 14, 2020
Data encryption is a critical part of GDPR compliance although there are no explicit GDPR encryption requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures.
Published on September 13, 2018
The year 2018 will, at least in Europe, be a turning point for data privacy and personal information protection. In this article, I will focus on personal data processing. I describe methods of de-identification of personal data, such as pseudonymization, anonymization, and encryption.
Published on November 28, 2017