LINET

TeskaLabs helps LINET with cyber security compliance for medical devices

LINET is a major European manufacturer of hospital and nursing beds. The company´s portfolio includes solutions designed for intensive care, products for regular in-bed treatment, and also special beds for retirement homes and long-term care facilities.

It is important to say that modern hospital beds contain various sensors and that they are equipped with sophisticated software, which controls the bed and communicates with the hospital information system. If you look carefully, you will find a computer in every bed unit. However, modernisation in the field of hospital beds can be a twofold sword, if the producer would not take proper care of cyber-security. This is the reason why major governmental bodies create strict cyber-security standards and regulations.

In order for LINET's products to be sold, and then operated by customers, they must meet the requirements of cyber security and data protection legislation. Furthermore, an exceptionally secure implementation of cyber security and data protection is imperative in order to protect confidential patient data, and to eliminate security vulnerabilities in the storage of hospital data across the board.

TeskaLabs guided LINET through this comprehensive process, by revising the requirements for cyber security and data protection, determining the minimum and optimum to meet the requirements, and designing the cyber security architecture.

Yet, it is critical to note that cyber security architecture design is just the beginning. TeskaLabs is now in the middle of discussions about entering further cooperation with LINET, assisting to secure the product itself using TeskaLabs' product SeaCat PKI.

A common element in secure environments, central PKIs, such as SeaCat PKI, are the most requested by cyber security standards. Central PKI provides identity management, thus forming a so-called trust domain. It is a cornerstone for strong identity in all relevant components. 

SeaCat PKI ensures that the connected devices have a so-called strong identity. Thus, it guards in real-time whether the device has the right to communicate with the server and/or other components, and its identity cannot be questioned. It is based on the principle of zero trust policy—a continual verification of the identity/right to communicate with the server and/or other components.   

Moreover, SeaCat PKI automates management of certificates through their entire life cycle. Automated certificate management saves a significant amount of administrative work, and with that it ensures stronger security by reducing the instances of human error. SeaCat PKI:

  • Automatically issues certificates during the enrolment process
  • Automatically controls the validity of the certificate 
  • Automatically renews the certificates (strong Identity Certificates are issued for a limited period of six months and are regularly and automatically renewed) 
  • Enables remote revocation of the certificate (If necessary, specific Identities can be revoked from the trusted domain, e.g. when a bed or an integration module is stolen. The other components will not consider the revoked component as trusted and will not communicate with it). 

For more information about TeskaLabs services, please contact us at: sales@teskalabs.com
For more information about SeaCat PKI, please visit: https://teskalabs.com/products/seacat-pki
For more information about Security Architecture & Compliance, please visit: https://teskalabs.com/services/security-architecture




You Might Be Interested in Reading These Articles

Five Ways AI And Machine Learning Can Enhance Cybersecurity Strategy

Artificial Intelligence (AI) and its essential component machine learning are causing a stir in practically every industry from marketing to education. It’s no wonder designers and tech developers are finding ways to use the benefits of automated technologies to improve cybersecurity infrastructure and defend against increasingly complex and numerous cyber threats.

Continue reading ...

security data-privacy

Published on June 24, 2020

Cyber-health with a password and an antivirus program is not enough

At the beginning of December 2019, the operating system of the Benešov Hospital was crippled by a malicious computer virus to such an extent that no device could be started and doctors had to cancel all planned operations.

Continue reading ...

healthcare data-privacy

Published on February 14, 2020

Personal Data Deindetification: Data Encryption

Data encryption is a critical part of GDPR compliance although there are no explicit GDPR encryption requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures.

Continue reading ...

gdpr data-privacy

Published on May 16, 2018