Protecting medical big-data

By Daniela Previtali, Wibu-Systems.  

On 11 September 2016, a gang of three men drove up to a hospital in the quiet seaside town of Sande on Germany’s North Sea coast. CCTV recordings show the men walk into the hospital and come out again, unperturbed, with almost a million Euro’s worth of medical equipment stashed away in their bags. Brazen as this heist may seem, these days, the real danger to hospitals and medical device makers lies not in material theft, but in the risks to more immaterial goods: confidential patient data, the software operating critical medical equipment, or the intellectual property invested by medical technology specialists. Security-by-design becomes a prerequisite when lives are at stake. 

As the recent disastrous WannaCry ransomware attack revealed, healthcare providers are a prime target for the new breed of criminals trying to skim off an illicit share of the vast medical technology and health business. With the world’s population still growing at an unprecedented rate and aging at the same time, the number of people needing and deserving high-quality medical care is rising everywhere. Deloitte estimates the healthcare market to reach a full $418 billion in global revenue, as more and more emerging economies are upgrading their medical and care systems. At the same time, new technological advances are dramatically changing the nature of healthcare.

Gone are the days of the one-size-fits-all treatment, as the rise of big data paves the way for more personalized and digitalized medicine. The patient is no longer just a number in a hospital file or a faceless individual occupying a bed on a ward. Modern medicine works with detailed patient profiles to deliver customized care and perfectly targeted drugs and medical devices to cater to each patient’s specific needs. All of these advances need to be achieved with therapies and devices that are simple to use, by older and infirm patients in the case of self-medication, or by the broader medical workforce beyond skilled specialists.

What medical professionals and the new entrepreneurs and established brands in the medical technology field now need – in order to seize this unique opportunity – is the ability to deliver such individualized therapy in a way that does not compromise the patient’s physical safety or sense of trust; that rewards the complete value chain from the inventor to the maker to the distribution channel; and that is affordable and economical for doctors, hospitals, and other medical professionals. Care needs to be deliverable in smaller medical centers around the world and in emerging economies with still-developing social insurance systems, giving every potential patient basic access to the advances of modern medicine. A pricing point for the medical devices that lowers the investment threshold and ensures a reliable income for the efforts of the companies involved, while securing these same devices and the vital data in them, is the challenge of the new millenium.

Fritz Stephan, the highly respected maker of medical respirators, has acknowledged these risks, while also fully embracing the commercial potential of intelligent, connected medical devices. The company recently unveiled its new EVE (Easy Ventilator Emergency) product line with many groundbreaking features, from the simplicity of its user interfaces to the revolutionary feature upgrading capabilities, all protected with Wibu-System’s unbeaten CodeMeter technology. Lightweight, mobile, and designed for use anywhere from the scene of accidents to neonatal wards, the EVE units are easily set up for newborn, child, or adult patients and immediately ready for action. With three models available to cater for emergency response (EVETR), intensive care (EVEIN), or infants in critical need of post-natal care (EVENEO), the functionality of the system is software-realized and can easily be upgraded at the point of need.

Under the hood, Fritz Stephan relies on Wibu-Systems’ CodeMeter Embedded to protect its intellectual property and provide the licensing capabilities for feature upgrades in the field. The solution is integrated via a special SD card (CmCard/ SD) that comes with Infineon’s state-of-the-art SLM97 security controller and industry-grade Single Layer Cell (SLC) flash memory, accessed through CodeMeter’s API. As the entire EVE product line is certified to global (RTCA DO160F) and Germany’s exacting standards for medical devices (DIN EN 794-3 and DIN EN 80601-2), the technology of Wibu-Systems and Infineon integrated in them, by implication, meets the same standards. The CmCards are built directly into the ventilators and thus protected from tampering, short of would-be attackers breaking the cases apart. Together, Wibu-System’s CmCards and CodeMeter software and Infineon’s SLM97 security controller form a robust gatekeeper and rugged container to store the digital signatures, certificates, and entitlement rights that define the feature set of the respirator.

Whenever the user needs an extended set of functions – imagine a smaller hospital needing to upgrade its intensive-care EVEIN for use with a premature baby whose life is in danger – there is no need to purchase a second ventilator or even return the EVEIN to Fritz Stephan for a feature boost. The user simply buys a new license from Fritz Stephan online via the company’s implementation of Wibu-Systems’ CodeMeter License Central. One download and upgrade later, and the EVEIN has the added features of the EVENEO. The solution is a win-win outcome for all parties: Wibu-Systems and Infineon demonstrate the robustness and versatility of their technology, the user saves money by keeping the upfront costs for a limited feature set low, and Fritz Stephan has a reliable new aftersales revenue source without compromising the security of the medical devices or the protection of their intellectual property.

Fritz Stephan, Infineon, and Wibu-Systems celebrated this successful collaboration when the three partners showed up in force at Germany’s premier digital industry summit, the Digital Gipfel. Designed to raise awareness around the challenges and promises of the new digital frontier, the Digital Gipfel is promoted by Germany’s Federal Ministry for Economic Affairs and Energy and represents the culmination of many initiatives by the leading actors in the field. This year’s event gave particular prominence to several facets of cybersecurity – a topic critically important to the three enterprising companies behind the new technology at the heart of the EVE ventilators. With robust security, uncompromising ease of use, and flexible licensing to allow users to mix and match their device’s features to their needs, the EVE ventilators realize the best promises of the digital age. Hospitals might still be appealing targets for thieves, and hackers might still be trading in stolen data or trying to blackmail healthcare providers, but their illegal attempts continue to spur the development of new technological countermeasures and innovation of new business models.

Tags: , , , ,

Categories: cyber security, Vault

SUBSCRIBE & CONNECT

Subscribe to our RSS feed and social profiles to receive updates.

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: