At Dräger we develop technology for life. Our customers, regardless of what sector they're in, depend on this technology and expect that Dräger products will be secured against vulnerabilities that could affect the functioning of the products and the security, integrity and privacy of the electronic information and data used by the products. The security, integrity and privacy of the sensitive data of our customers, patients, and operators of our systems is deeply embedded in our development processes. However, to assist us with our development efforts, Dräger encourages and supports security researchers and customers to responsibly report to us any potential security and privacy vulnerabilities identified in our products.
Dräger maintains this product security page at https://static.draeger.com/security/ in order to provide contact details and information concerning the procedures to follow to test and report vulnerabilities.
If you encounter any issues with our products which do not implicate security or privacy vulnerabilities, or if you encounter any other issue which might affect patient, user, or operator safety, please contact your local Sales & Service representative.
At Dräger, we develop technology for life. This technology is subject to constant change and the digitization of healthcare is advancing rapidly. We are helping to shape this change in order to make digital technology have a positive impact for patient care and hospital economics. Today and even more so in the future, medical devices and systems will be connected to networks to interact with each other, enabling new clinical applications. As the cybersecurity threats and risks to internal and external healthcare environments continue to increase, well establish security controls are required for adequate protection of patients and patient data. Our position paper on cybersecurity for medical devices and systems will provide you with details on how security is being implemented in the development of our medical devices.
You can reach us at
product-security@draeger.com. Please use our PGP public key to encrypt your email submission to us! The public key can also be found on public key servers by the key id 12FF 9F68.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 mQENBFW13s0BCACpNJ/JdRqB0YTETd+u2awOZ9vocoqlZcJK2nCzgPcWkSjeYOdA Ja2ODkVq6Qv+yJa4aoqYnW3A4vTB6P7Zt1iPxj594QRdCMbMDi58TuYVZL64tuCS DnVl0kJ2r9kND84Yg5KOraOHEJK2n1yN1eNy0SKYj5ndJhrEwQLAsTwISzTSAFDI 8ggIJE1JgXTxxlHSUH1gAoFs4qb12vTE5EYMJr3kqNHqaK+ev+qEkOt5Lnhn8Q1Y ARdEej4ajTZYWGJB+SFBlE0YqEdaPzlCPpFWGJlgCry+LNDQLhaCR7Arx/p0U7Gv qFHDzTiVGPNle+nVbTGh3ajxGgnQ1Lt3za4VABEBAAG0N0RyYWVnZXIgUHJvZHVj dCBTZWN1cml0eSA8cHJvZHVjdC1zZWN1cml0eUBkcmFlZ2VyLmNvbT6JATkEEwEI ACMFAlW13s0CGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRDlQRP4Ev+f aOHlCACGo3cHraL9VEFGmJmAVizx9LNlBmiTi4C3o4r0yXAHCF2Lm6LpxYGq7y3D Qy6LS+Br+aIyq3wkkMRvAfc0zA2ycpEzTjzghmLCYoQCKUSEkw2aetxeDpQyknA4 40xY2cD6i5Poot29wIe0kt3bzVqn1vvuvcCnswgkbrZfO2J40m/w4YfaD8AK3o35 ae6sSYcP+8KBLp/z+ggPnaMHXxapUKgwt7L5gMtqfhILPLS+ZAJaseY7OVzlmxdh dlNnTdxziC1fqXNKBlk6dm3aNnGgJ5R6hQBR0L00n88p4lXx0msgYSPQZf6bMZhS jm3ur3mX7vLDTiw2yza9I5oV9lvNuQENBFW13s0BCAC1qqvHmoM4mtoLTLTUek9H hbeXgaxSuo/KRom/Pc3l/cCNNzWqiFCHlgqjfCK7SWfi6n13c21O5WN4wPAQ/Z1X DcLgsjYJN8ijUq+WuRUDxEUDfmR0O7QLxUvA3ftNlhYGtWNUOCvRj7P+Bn2w2+Nh y4/QxbqOSO0Xt3g8FGhoSfiLTto7CK99Ufbhba+ztRoIlvqDbv/1i5UfCAST6CvX 5pEH4OHBF1Iw/yYHce5l9IHP4D7PkVmsoa57Xi0kfbg5CiIxO8HNHbvm8QKQ0gWt 4QEiOSLI768Gkg5Cm6S3pzIAYow/0gum016xmZKeY31yDUA4ctofXllOXHRuu/Zb ABEBAAGJAR8EGAEIAAkFAlW13s0CGwwACgkQ5UET+BL/n2jc/ggAplo61bDcGmxQ rOSVhuQYXRu6p6XCDGo5Vc55LGxrcXVkos0M0LVCtFyPd6j7kizY2OzBRO7ofU/J IrjPC/weUJAgz6loOHNqxK8pV/m77OeoTPGOn+8w5XEvXtrMl15Wo0l7Hf4IriYf SPUn3BiUHkFOLyGLpC+yhkqBDVfVcGkItKUPrRwQJCFcHBd3uxlKKcW4PeZSEvno fXguXLqFP120eRIltf656sTUeNSsW5d34152LWBDiY3bnhwaM/nC14Uh9N31veEZ ET6zxjor6LOrCukbtRe9rUd0wAUaPReOLnXgOi2+ZMnxchmzJ7Z6ZJtkI72aGA1N lhxfjIZuFg== =hZ0n -----END PGP PUBLIC KEY BLOCK-----
Please follow these guidelines when reporting a security or privacy vulnerability. The faster we can verify and reproduce the issue, the faster we are able to react.
While we value your investigation efforts, please conduct testing in safe environments.
We want to make sure that users of our systems are not unnecessarily put at risk. If you plan to publicly disclose a potential vulnerability, please inform us of your plans. We encourage you to work with Dräger to coordinate or synchronize the public release of information.
If the vulnerability is verified, Dräger will give credit to the researcher reporting the vulnerability in the published security advisory, if requested.
In case you decide to share any information with Dräger, you agree that the information you submit will be considered as non-proprietary and non-confidential and that Dräger is allowed to use such information in any manner, in whole or in part, without any restriction. Furthermore, you agree that submitting information does not create any rights for you or any obligation for Dräger.