Imagine this scenario: a famous football player is involved in a serious traffic accident, just as his team is fighting to avoid relegation. While the player’s accident is not yet publicly known, the IT systems of the hospital are attacked. Looking for sensitive data, the perpetrators come across the name and records of the football player. Nobody yet knows that a substitute for the player will be necessary or that the team’s position is at risk. Ticket sales and sport bets continue as normal for the unsuspecting public.
Electronic devices in emergency medicine are extremely powerful, but often insufficiently secured against unauthorised digital access. At the Digital Summit of the German Federal Government on 12th and 13th June 2017, three German companies for the first time presented a technical solution to secure medical devices against unauthorised access to their data.
Immediate emergency measures are often required at the scene of an accident. Respirators may be necessary as an initial intervention. These devices often remain with the patient - from the place of the accident through transport to the intensive care unit. Data is generated and required along the entire rescue chain, in order to provide the involved parties with necessary information as quickly as possible. Unauthorised access to that data can be prevented by mutual identification of the connected medical devices and computers, called machine-to-machine authentication. In addition, supply data can be encrypted before they are sent via mobile or stationary networks.
At the Digital Summit, visitors saw a mobile respirator from Fritz Stephan, protected by technology made in Germany by Wibu-Systems and Infineon Technologies. The integrated hardware anchor is certified by the Federal Office for Information Security (BSI). The respirator not only shows how critical medical devices can be effectively secured, but also how critical equipment can be retrofitted with hardware-based security to effectively secure personal data and medical records.
The device has recently been introduced to market, with security technology developed, tested, and produced in Germany. This is an important milestone towards digital sovereignty in medical care. In July 2016, the European Commission classified the health sector as a critical infrastructure requiring particular security measures against increasing cyber attacks.