Recommendations; Cybersecurity Information And Recommendations - Dräger Infinity M300 Series Instructions For Use Manual

Cybersecurity information and recommendations

Dräger provides the following security information and recommendations:
 Dräger recommends always following network security best practices, such as:
– Maintaining software
– Segmenting via firewalls
– Closing unused ports
– Restricting user permissions
– Limiting third party access
– Monitoring network activity
 Dräger recommends the use of WPA2-Enterprise/EAP-TLS to provide for strong authentication and
data protection for wireless communication between M300/M300+ and 802.11 access points. With this
protection, clinical data will be secure in a wireless encrypted tunnel. Customers configuring wireless
infrastructures with WPA or WPA+WPA2 will cause the M300/M300+ to use the deprecated TKIP ci-
pher which may compromise security. Dräger recommends configuring the network infrastructure to
use WPA2 only.
 Dräger uses TLS-PSK in Secure mode to provide for authentication and data protection for network
communication between M300/M300+ and ICS. With this protection, clinical data will be secure in a
wireless encrypted tunnel.
Without these measures there is an increased risk that critical events may go undetected in cases of
malicious attack, which could result in patient harm.
 Dräger recommends that the responsible organization install and operate Infinity monitoring devices
on separate, isolated, VLANs to reduce risk from network security vulnerabilities. Use of QoS with
M300/M300+ is required to ensure optimal network data transmission.
Without these measures there is an increased risk that critical events may go undetected in cases of
malicious attack, which could result in patient harm.
 The M300/M300+ device provides logging of software resets and presence of multicast. M300/M300+
error logs may be obtained using the device web page or via connection to SFTP, or a serial
programming cable and appropriate terminal software. If errors are observed, report the condition to
the hospital's biomedical and IT departments.
 Dräger recommends renewing PSKs periodically for higher security.
 For servicing Dräger patient monitors and connecting to the Infinity network, Dräger recommends
using a dedicated service laptop.
 The device configurations can be recovered by one of the following methods:
– Programming cable with password
– Use SFTP with password
– Manually discharge patient, re-admit and configure settings
– Manually configure settings at the M300/M300+
Instructions for use – Infinity ® M300 and M300+ series – VG3.0
Cybersecurity
23