Today the final report of the @BSI_Bund project #ManiMed was published in which we at #ERNW as contractor examined medical devices for security vulnerabilities.
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/DigitaleGesellschaft/ManiMed_Abschlussbericht_EN.pdf?__blob=publicationFile&v=3
Vulnerabilities in IT systems can exist at any given time. Security vulnerabilities in networked medical devices are usually of great concern as their exploitation could have an impact on patient safety or on their environment, e.g. hospital network.
This project’s objective is to assess the current state of the IT security posture for network-connected medical devices that have recently been approved for the German market and IT security-related processes.
Since the German market of connected medical devices has grown over the last years, a market analysis was performed to identify relevant medical devices for the assessment.
These four constraints/requirements have to be met for devices subjected to IT security assessments apart from the fact that the selected device categories are dependent on high security postures due to their impact on #patientsafety.
The selected devices were evaluated in an IT security assessment. The identified vulnerabilities were responsibly disclosed. The project partners worked closely together with the manufacturers to ensure a timely fix for the more than 150 vulnerabilities.
The assessed #medicaldevices during project #ManiMed were:
Some of the respective vulnerabilities and @ICSCERT advisories are already public. Others will follow in the near future.
Examplarily, our #ERNW White Paper 69 – "Safety Impact of Vulnerabilities in Insulin Pumps" shed light on the vulnerabilities identified for the Dana Diabecare RS insulin pump. https://insinuator.net/2020/09/white-paper-69/ via @Insinuator
ERNW White Paper 69 – Safety Impact of Vulnerabilities in Insulin Pumps

With this blog post I am pleased to announce the publication of a new ERNW White Paper [1]. The paper is about severe vulnerabilities in an insulin pump we assessed during project ManiMed and we are...

https://insinuator.net/2020/09/white-paper-69/
Further, we already published a blog post concerning HL7v2 Injections in Patient Monitors. https://insinuator.net/2020/04/hl7v2-injections-in-patient-monitors/ via @Insinuator
Medical Device Security: HL7v2 Injections in Patient Monitors

Digital networking is already widespread in many areas of life. In the healthcare industry, a clear trend towards networked devices is noticeable, so that the number of high-tech medical devices in...

https://insinuator.net/2020/04/hl7v2-injections-in-patient-monitors/
ICS Medical Advisory (ICSMA-20-254-01): Philips Patient Monitoring Devices. September 10, 2020. Online: https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
ICS Medical Advisory (ICSMA-20-296-02): B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus. October 22, 2020. Online: https://us-cert.cisa.gov/ics/advisories/icsma-20-296-02
ICS Medical Advisory (ICSMA-20-296-01): B. Braun OnlineSuite. October 22, 2020. Online: https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01
You can follow @jsuleder.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.