Securing network communication
The biggest attack vector for network-enabled medical devices is an attack on the communication channels and the associated data exchange and processing. In this case, an attacker has the possibility to read or manipulate this data. To secure communication, an analysis is first necessary. Based on this, the planning and technical implementation of the data transmission takes place. Taking into account current protective measures and cryptographic procedures, the data should be secured on the basis of the protection goals.
Preventing the disclosure of information
In addition to the protection of data transmission, the protection of the medical device including the host system must also be taken into account. System-based vulnerabilities enable attackers to obtain information about the communication and the security features used, which can be used to attack this network connection.
Detection of attacks
Despite the use of current security standards and their conscientious implementation, potential attacks on unknown vulnerabilities cannot be ruled out. Therefore, the implementation of a system to detect potential attacks is recommended. It analyses the use of the medical device and its communication channels. Based on this data, it also detects irregularities that could indicate an attack. In addition to detection, this also serves to understand the course of an attack and its attack vector in order to be able to initiate concrete countermeasures based on this.
Ensuring basic functionality
Medical devices should ensure their basic functionality even without an active network connection or in the event of a potential attack. The highest protection goal, and thus central to cybersecurity issues, is to safeguard the health of patients.