Digital networking is already widespread in many areas of life. In the healthcare industry, a clear trend towards networked devices is noticeable, so that the number of high-tech medical devices in the health sector (hospitals, care institutions, doctor’s offices, home care, etc.) is steadily increasing. In clinical settings, these include, e.g., infusion pumps, implants, or large medical equipment, such as CT and MRI. Notably, in a clinical environment, highly complex devices are used for vital applications. This is usually accompanied by extensive usage over a prolonged service life and can cause severe problems because security measures are often missing or ineffective. A defective or manipulated device can pose a potential threat to patients’ lives.
The German Federal Office for Information Security (BSI), in its role as the Federal Cyber Security Authority in Germany, aims to sensitize manufacturers and the public regarding security risks of networked medical devices. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this white paper, the results of the security analysis for one of the selected products within this project are presented.