Preventing Manipulation of Anesthetic Devices and Other Medical Products

• Full-range exceet security portfolio supports medical networks providers and medical product manufacturers
• Protecting patients, fulfilling due diligence requirements, and reducing security risks 

In a recently staged test attack, hackers succeeded in remotely manipulating a device used to administer anesthesia during operations. The case was widely reported in the media. exceet Secure Solutions, a member company of exceet Group, has specialized in minimizing such risks for years. The security experts provide suitable hardware, software and services as well as consulting expertise specifically tuned to IT risks in healthcare systems.

Independently of the fact that patient safety must take precedence at all times, the law requires operators of medical networks and manufacturers of medical products to exercise due diligence. In practice, however, it can be difficult to determine who actually bears chief responsibility for installing security safeguards. Operators of medical networks and manufacturers are therefore obliged to take measures that protect medical devices from manipulation and unauthorized access.  

Single Source for Hardware, Software & Risk Management

Flexible and secure hardware and software solutions are indispensable when designing secure medical infrastructures. In term of hardware, special attention must be paid to device selection. exceet offers standards devices as well as custom components developed specifically to match client requirements.

Compliance aspects constitute another important component of the value chain. In response to the above-mentioned hacker attack, exceet Secure Solutions has published a White Paper that specifically addresses the relevant issues. In particular, the document examines the DIN standard EN 80001-1: For years, risk management based on this standard has been a market-proven means for operators of medical IT networks to boost level of protection against intentional and unintentional manipulations. At the same time, it ensures compliance with statutory due diligence obligations.    

Benefits for Patients and Compliance Officers

As a first step, liability risks and damage to patients can be reduced just by implementing a number of simple organizational measures. exceet has successfully established such solutions, which can be realized without major effort or expense, for a variety of healthcare clients. exceet’s experts have wide-ranging competence regarding the relevant DIN norms and other standards and legal provisions applicable to the healthcare field. Building on this basis, they work with client IT and compliance managers to develop and implement tailor-made risk management schemes.      

“Risk management is an ideal complement to hard- and software-based solutions that allow secure connectivity between medical devices”, says Christian Schmitz, managing director of exceet Secure Solutions. “We offer IT security consulting to support the wide range of individually customizable components that can be used to create a so-called trusted ecosystem. Our portfolio extends from devices for data transmission to sophisticated PKI (public key infrastructure) solutions and the development of large-scale networks for confidential communication.”            

The current White Paper offers managers of hospitals and other medical institutions a short yet comprehensive overview of the requirements of DIN EN 80001-1-compliant risk management. It serves to provide an initial estimate of costs and can be ordered free of charge by email to info@exceet.ch.