CARESCAPE Monitor B850
2106778-001
The patient monitor performs integrity checking on the root file system to detect any
changes to the file system contents. Any modification to the root file system contents will
generate an error to the patient monitoring software application. The patient monitoring
software will then display a technical alarm to the user.
• Device design and configuration (hardening)
The patient monitor has been hardened through the restriction and removal of user
access to core operating system functionality. In addition, unneeded functionality has
been removed or restricted.
• Antivirus software
To provide seamless real-time patient monitoring, the patient monitor does not have
antivirus software.
• Security updates and patching processes
Security updates and patches cannot be applied to the CARESCAPE product without
going through GE’s vigorous software verification and validation process. Any software
update needs will be communicated by GE.
3.6.2 Security operations
Network security
GE requires that the MC port of the patient monitor be connected to a physically or virtually
dedicated CARESCAPE Network MC or S/5 Network, isolated from all other networks.
GE requires that the IX port of the patient monitor be connected to a physically or virtually
dedicated CARESCAPE Network IX with controlled connection to the organization’s general
purpose computing network. Traffic between the organization’s network and IX port of the
patient monitor must be limited to the packet flows listed below.
Inbound
Packets that are part of the communication initiated by authorized devices in the
organization’s network are allowed to go out of the IX Network (reflexive).
Source device     Destination device  Protocol  Destination port  Use
Any               Patient monitor     icmp      N/A               ping
Customer defined  Patient monitor     tcp       10000             Webmin
Customer defined  Patient monitor     tcp       10001             Software transfer
DHCP server       Patient monitor     tcp       67, 68            DHCP
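An added example, not taken from the GE manual: a small auditor that checks packets crossing the IX boundary against the inbound rows above and accepts packets leaving the monitor only as replies to a flow a row already permitted (the reflexive rule). The addresses, the "customer defined" subnet, the function names and the verdict strings are assumptions made for illustration; only the inbound rows shown here are modelled.

```python
import ipaddress

# Assumed values, not from the manual: monitor IX address, the
# "customer defined" management subnet, and the DHCP server address.
MONITOR = "192.0.2.10"
MGMT = ipaddress.ip_network("198.51.100.0/28")
DHCP = ipaddress.ip_network("198.51.100.53/32")

# Inbound rows as printed in the table (the DHCP row is kept as tcp, as printed).
INBOUND = [
    (ipaddress.ip_network("0.0.0.0/0"), "icmp", None, "ping"),
    (MGMT, "tcp", {10000}, "Webmin"),
    (MGMT, "tcp", {10001}, "Software transfer"),
    (DHCP, "tcp", {67, 68}, "DHCP"),
]

def permitted_use(src, proto, dport):
    """Return the Use of the first row allowing this new inbound flow, else None."""
    for net, rule_proto, ports, use in INBOUND:
        if (ipaddress.ip_address(src) in net and proto == rule_proto
                and (ports is None or dport in ports)):
            return use
    return None

def classify(packets):
    """Give one verdict per (src, sport, dst, dport, proto) packet, in order."""
    open_flows, verdicts = set(), []
    for src, sport, dst, dport, proto in packets:
        if dst == MONITOR:
            use = permitted_use(src, proto, dport)
            if use:
                open_flows.add((src, sport, dport, proto))
            verdicts.append(f"allow:{use}" if use else "deny")
        elif src == MONITOR:
            # Reflexive: only replies to a flow an inbound row already allowed.
            is_reply = (dst, dport, sport, proto) in open_flows
            verdicts.append("allow:reply" if is_reply else "unmatched")
        else:
            verdicts.append("unmatched")
    return verdicts

# Constructed packets, not captured traffic.
SAMPLE = [
    ("198.51.100.5", 40000, MONITOR, 10000, "tcp"),   # Webmin from mgmt subnet
    (MONITOR, 10000, "198.51.100.5", 40000, "tcp"),   # its reply
    ("203.0.113.7", 40001, MONITOR, 10000, "tcp"),    # Webmin from elsewhere
    (MONITOR, 10000, "203.0.113.7", 40001, "tcp"),    # reply to a denied flow
    ("203.0.113.7", None, MONITOR, None, "icmp"),     # ping from any source
]
```

Calling classify(SAMPLE) returns one verdict per packet; "unmatched" marks traffic that the inbound rows neither permit nor explain as a reply.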