We have a system where medical devices are connected to an internal network (Ethernet, TCP/IP stack). Data from the medical device needs to be transmitted to the server over this internal network. This internal network is not connected to the Internet!

I was wondering whether SSL/TLS is indeed required here! What would be a good and optimal measure here for ensuring secure communication?

schroeder
  • The question you need to ask, which will provide clarity for you, is "secure from what?" – schroeder May 20 '20 at 13:14
  • What you are describing is an air-gapped network. See https://en.wikipedia.org/wiki/Air_gap_(networking). Even air-gapped networks are susceptible to attacks such as social engineering, etc. If HIPAA laws apply to the data that you are collecting from the medical devices, then HIPAA would require that this data is encrypted while in motion and while at rest, even on your air-gapped network. HIPAA even goes as far as requiring encryption on removable backup drives. Even if HIPAA is not required in your case, you might want to consider following HIPAA guidelines as a best practice. – mti2935 May 20 '20 at 13:26

0 Answers