Preventing cyber attacks in rescue services

Electronic devices in emergency medicine are extremely powerful, but often insufficiently secured against unauthorised digital access. At the Digital Summit of the German Federal Government on 12th and 13th June 2017, three German companies for the first time presented a technical solution to secure medical devices against unauthorised access to their data.

Immediate emergency measures are often required at the scene of an accident. Respirators may be necessary as an initial intervention. These devices often remain with the patient - from the place of the accident through transport to the intensive care unit. Data is generated and required along the entire rescue chain, in order to provide the involved parties with necessary information as quickly as possible. Unauthorised access to that data can be prevented by mutual identification of the connected medical devices and computers, called machine-to-machine authentication. In addition, supply data can be encrypted before they are sent via mobile or stationary networks.

At the Digital Summit, visitors saw a mobile respirator from Fritz Stephan, protected by technology made in Germany by Wibu-Systems and Infineon Technologies. The integrated hardware anchor is certified by the Federal Office for Information Security (BSI). The respirator not only shows how critical medical devices can be effectively secured, but also how critical equipment can be retrofitted with hardware-based security to effectively secure personal data and medical records.

The device has recently been introduced to market, with security technology developed, tested, and produced in Germany. This is an important milestone towards digital sovereignty in medical care. In July 2016, the European Commission classified the health sector as a critical infrastructure requiring particular security measures against increasing cyber attacks.