The new BSI recommendation for network-compatible medical devices, into which ZVEI expert knowledge has been incorporated, serves as a support for manufacturers to take appropriate account of aspects of cybersecurity
Cyberattacks on hospitals in Germany have shown that cybersecurity must also be improved in the health industry. Hospitals classified as critical infrastructure in accordance with the BSI Act are obliged to prove to the Federal Office for Information Security (BSI) by June 2019 at the latest that they have successfully implemented state-of-the-art IT security measures.
According to BSI and ZVEI - German Electrical and Electronic Manufacturers' Association - these IT security measures also include network-compatible medical products. The new BSI recommendation for network-compatible medical devices, into which ZVEI expert knowledge has been incorporated, serves as support for manufacturers to take appropriate account of aspects of cybersecurity.
The aim of the recommendation is to define requirements for networked medical devices and to contribute to an overall higher level of protection against cyberattacks on health facilities. A compilation of best practices is intended to support the implementation and maintenance of an appropriate state-of-the-art cyber-security level. Instead of concrete instructions for action, which may not be equally applicable to all products, questions relevant to cybersecurity are asked for individual areas. The questions should enable the manufacturer to generate and implement the necessary instructions for his product.
"Cybersecurity requires the cooperation of all parties involved, but also the exchange of information," says Hans-Peter Bursig, Managing Director Medical Engineering Division (ZVEI). "The ZVEI therefore invited manufacturers, users and BSI to an initial strategy discussion on 'Medical Technology Cyber Safety' as early as November 2017. There was a consensus that medical technology must be part of a comprehensive cybersecurity strategy. However, this comprehensive cybersecurity strategy must also be based on the cooperation and coordination of all parties involved." The exchange will therefore be continued at the German X-Ray Congress with a second strategy discussion.
The presentation of the BSI recommendation "Cybersafety requirements for network-compatible medical devices" will take place on Wednesday, 9 May 2018 at 4:45 p.m. at the German X-Ray Congress (Forum IT II - Cybersecurity in Medical Technology, Hall 2, Rieder Room) in Leipzig.
The BSI recommendation "Cybersafety requirements for network-compatible medical devices" can be downloaded from the right-hand column (only in German language).