BSI publishes study results on the security of medical products and care products
The thoughts of unsafe medical or care products is disconcerting. Especially in a sensitive area such as the health care sector, the affected person trusts in the best possible help. But especially with the advancing digitalisation in the healthcare sector, vulnerabilities are increasingly appearing in networked medical‑, IoT- and elderly care products. If such vulnerabilities are discovered or even exploited, this often poses a major problem for users and manufacturers of these products.
The Federal Office for Information Security (BSI) therefore initiated the projects “ManiMed — Manipulation of Medical Devices” and “eCare — Digitisation in Care” in order to be able to assess the IT security of selected products.
he studies now published by the BSI enable manufacturers to improve the IT security features of their products. In addition, users of medical devices are informed about which IT security features could be critical. Improved IT security features strengthen the confidence of patients and doctors in the security of networked medical devices. In the study, a total of six products from different categories were examined in terms of IT security.
SRC played a major role in the preparation of the eCare study. The study focused on networked products (both medical and IoT products) that are used in the field of care for the elderly or sick. These include, for example, devices for measuring vital data or a tablet for senior citizens. A total of six products from different categories were examined from an IT security perspective. The results of the study can be found on the BSI website for Download.
In summary, the IT security level of the products examined can be rated as poor to very poor. The results lead us to believe that none of the products examined, including their interfaces, apps, etc., have been subjected to a professional security evaluation, an independent penetration test or similar.