BSI Medical and Care Products

BSI publishes study results on the security of medical products and care products

The thoughts of unsafe medical or care products is discon­certing. Especially in a sensitive area such as the health care sector, the affected person trusts in the best possible help. But especially with the advancing digital­i­sation in the healthcare sector, vulner­a­bil­ities are increas­ingly appearing in networked medical‑, IoT- and elderly care products. If such vulner­a­bil­ities are discovered or even exploited, this often poses a major problem for users and manufac­turers of these products.
The Federal Office for Infor­mation Security (BSI) therefore initiated the projects “ManiMed — Manip­u­lation of Medical Devices” and “eCare — Digiti­sation in Care” in order to be able to assess the IT security of selected products.

he studies now published by the BSI enable manufac­turers to improve the IT security features of their products. In addition, users of medical devices are informed about which IT security features could be critical. Improved IT security features strengthen the confi­dence of patients and doctors in the security of networked medical devices. In the study, a total of six products from different categories were examined in terms of IT security.

SRC played a major role in the prepa­ration of the eCare study. The study focused on networked products (both medical and IoT products) that are used in the field of care for the elderly or sick. These include, for example, devices for measuring vital data or a tablet for senior citizens. A total of six products from different categories were examined from an IT security perspective. The results of the study can be found on the BSI website for Download.

In summary, the IT security level of the products examined can be rated as poor to very poor. The results lead us to believe that none of the products examined, including their inter­faces, apps, etc., have been subjected to a profes­sional security evalu­ation, an independent penetration test or similar.