Silke Zimmermann
Assistant Investor Relations
T: +49 (0) 6172 608-2464
silke.zimmermann@fresenius.com
Karen Janek
Assistant Investor Relations
T: +49 (0) 6172 608-2487
karen.janek@fresenius.com
The Fresenius Group consists of several independently operating business units. Statements reflect analysis performed on products developed by one or several business units.
2024
Publication Date : 19 December 2024
Update Date: -
Fresenius cybersecurity statement for devices tested against the "OpenSSH" CVE-2024-6387 vulnerability.
Publication Date : 10 April 2024
Update Date: 19 December 2024
Fresenius cybersecurity statement for devices tested against the "BLUFFS" vulnerability.
2023
Publication Date : 24 November 2023
Update Date: -
Fresenius cybersecurity statement for devices tested against the "CVE-2022-45611" vulnerability.
2022
Publication Date : 11 July 2022
Update Date: 19 December 2024
Fresenius cybersecurity statement for devices tested against the "MSDT Follina" vulnerability.
Publication Date : 29 June 2022
Update Date: -
Fresenius cybersecurity statement for devices tested against the "Access:7" vulnerability.
2021
Publication Date : 21 December 2021
Latest Update Date: 09 June 2022
Fresenius cybersecurity statement for devices tested against the "Apache Log4J" vulnerability.
Publication Date : 24 November 2021
Latest Update Date: -
Fresenius cybersecurity statement for devices tested against the "NUCLEUS:13" vulnerability.
Publication Date : 12 October 2021
Latest Update Date: -
Fresenius cybersecurity statement for devices tested against the "INFRA:HALT" vulnerability.
2020
Publication Date : 06 July 2020
Update Date: 09 July 2020
Fresenius cybersecurity statement for devices tested against the "Ripple20" vulnerability.
Submit a report
Contact
Fresenius SE & Co. KGaA
Else-Kröner-Str. 1
61352 Bad Homburg v.d.H.
Germany
cert@fresenius.com
Fresenius is a global health care group with products and services for hospital and outpatient care. With over 190.000 employees in more than 100 countries and annual sales of more than 22 billion euros, Fresenius is one of the world´s leading health care companies. Connecting medical devices via the internet to hospital networks, mobile products, and other devices or hospital systems also introduces potential cyber security and patient safety risks that must be addressed.
The Fresenius Group is committed to ensuring the security of our products and services for customers, donors and patients. To us, this means:
- Protecting the security and safety of patients.
- Complying with federal, territorial, state, and local laws.
- Protecting the confidentiality, integrity, and availability (CIA) of information associated with Fresenius connected medical devices and information.
Across Fresenius business units we continuously strive to improve security and protect information throughout the product lifecycle. One way in which we do this is by collecting vulnerability reports through a formal CVD process.
At Fresenius, we believe industry collaboration is essential to making our products more secure by design. Whether our partners are customers managing the cyber security in their own environments, the cyber security research community helping us better research and evaluate emerging threats, or security vendors identifying practical security solutions, we appreciate the opportunity to work together.
We encourage vulnerability testing by security researchers and by customers, with responsible reporting to Fresenius. We maintain a product security page with information on coordinated vulnerability disclosure at Vulnerability Report Advisories.
What you can expect from us
-
We will confirm the existence of the vulnerability to the best of our ability and be as transparent as possible
-
We will maintain an open dialogue to discuss issues
-
We will not share your name or contact information without your permission
Questions
Questions regarding this policy may be sent to ProductSecurity@fresenius.com. We also invite you to contact us with suggestions for improving this policy.
Scope
This vulnerability disclosure program is:
- applicable to all products manufactured and sold by the Fresenius Group
- not applicable to Fresenius IT infrastructure including webpages
Guidelines
- Notify us as soon as possible following the discovery of a real or potential cyber security issue
- Make efforts to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data
- Only use exploits to the extent required to confirm a vulnerability´s presence, without compromising or exfiltrating data, establishing persistent command line access, or using the exploit to pivot to other systems
- Provide us a reasonable amount of time to resolve the issue before you disclose it publicly
Reporting a vulnerability
- we accept vulnerability reports via our Coordinated Vulnerability Disclosure form. Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 7 business days.
- we suggest operating these programs in a manner consistent with existing cyber security standards, specifically in regards to utilizing forms of encryption (e.g., hashing, PGP encrypted email). For paticulary sensitive information, submit trough out HTTPS web form.
- By submitting a vulnerability, you acknowledge that you have no expectation of payment and that you expressly waive future pay claims against Fresenius related to your submission.
What we need from you
To help us triage and prioritize submissions, we recommend that your reports:
- Describe the situation the vulnerability was discovered and the potential impact of exploitation.
- Provide a technical description of the potential vulnerability, including:
- Available information on which specific product you tested, including product name and version number; the technical infrastructure tested, including operating system and version; and any relevant additional information, such as network configuration details or proof of concept.
- For web-based services, provide the date and time of testing, URLs, the browser type and version, as well as the input provided to the application.
- Submit disclosure in English, if possible.
- Be aware that security testing may have side effects on the product that are not apparent. When in doubt, decommission the device and contact Fresenius.
- Use a vulnerability only as needed to demonstrate it if identified.
- Submit contact information for further exchange and communication.
Likewise, we require that you:
- Never perform security testing on devices actively being utilized for patient care delivery, diagnostics or monitoring, or on those systems that will be utilized for patient care delivery after your investigation.
- Avoid testing that could impact patients and donors, cause a privacy issue, or damage equipment.
- Engage in vulnerability testing within the scope of our vulnerability disclosure program in accordance with the terms and conditions of agreements entered between Fresenius and individuals.
- Never build your own backdoor in an information system with the intention of then using it to demonstrate the vulnerability, as doing so can cause additional damage and create unnecessary cyber security risks.
With our interactive tool you can analyze and graph a variety of key figures of the Fresenius Group and the business segments on an annual basis.
Contact
Vice President Investor Relations
Deputy Head of Investor Relations
T: +49 (0) 6172 608-5167
florian.feick@fresenius.com
With our interactive tool you can analyze and graph a variety of key figures of the Fresenius Group and the business segments on an annual and quarterly basis.
Contact
Vice President Investor Relations
Deputy Head of Investor Relations
T: +49 (0) 6172 608-5167
florian.feick@fresenius.com
Related Links
Alternative Performance Measures
People's life expectancy is increasing - and the world's population is growing. That is why high-quality medical care is becoming increasingly important. Fresenius is committed to providing access to high-quality and affordable therapies to as many people as possible worldwide. We believe equal opportunity in healthcare is a moral obligation and an economic benefit to society.
Fresenius has subsidiaries in more than 60 countries, maintains an international distribution network and operates more than 50 production sites. Our products are often used to treat people who are suffering from serious or chronic diseases. Our task is to ensure the safety and quality of our products and services and to meet the highest safety and quality standards for all processes and therapies.
Our range of products and services includes the services of a comprehensive network of hospitals, post-acute care solutions - such as rehabilitation - and high-quality drugs and medical products. We also embrace digitalization and develop advanced therapies, and measures designed to expand primary care in emerging and developed countries.
Fresenius Kabi specializes in products for the therapy and care of critically and chronically ill patients. The extensive range of intravenously administered generic drugs and the biosimilars products with a focus on autoimmune diseases and oncology are affordable alternatives to original drugs. Fresenius Kabi thus gives patients access to modern, high-quality and affordable therapies. The product portfolio also includes clinical nutrition and infusion therapies as well as the associated medical devices for application. In the field of transfusion medicine and cell therapy, the company offers products for collection of blood components and extracorporeal therapies.
Fresenius Helios is Europe's leading private healthcare service provider and offers the full range of medical services with its acute care hospitals, outpatient clinics, and other healthcare facilities. Our international hospital network enables Fresenius Helios to transfer knowledge between healthcare systems in Germany, Spain and Latin America with regard to affordable healthcare of high-quality, and with very high standards of service and patient experience.
Healthcare in crisis situations
As a healthcare Group, we have to be crisis-proof in all areas and respond flexibly to unforeseeable challenges: it is our task to enable unrestricted access to our services and seamless care for patients even under difficult conditions. To ensure this, we have established high-performance as well as resilient emergency systems and programs in our business segments.
Corporate social responsibility
The ambition to provide access to healthcare for as many people as possible worldwide and to continuously improve it is pursued by us with our social commitment. The Fresenius Group supports various regional or local initiatives. In the U.S., Fresenius Kabi has a more than 10-year relationship with Americares. The business segment helps the non-profit organization support people impacted by poverty or disaster build better lives through better health. It does this through financial support and in-kind (product) donations for missions in both the U.S. and internationally.
Contact
If you have any questions about sustainability, please contact us:
sustainability@fresenius.com
Our success is built on the dedication of our more than 176,000 employees around the world. Their achievements, skills, and dedication help our business segments to hold leading positions in their respective markets. At Fresenius, we want to continue attracting, retaining, and developing talent. To this end, we need to build on our position as an attractive employer in a market environment characterized by a shortage of personnel.
What’s going to help us achieve this is our corporate culture in which every employee is treated equally and given the same opportunities to grow professionally, as well as a modern hybrid working environment, and attractive benefits. In all aspects of our operations, we aim to comply with internationally recognized labor and social standards. This is set out in our Code of Conduct and our Human Rights Statement.
Our Culture
At Fresenius, we promote a culture where every employee is treated equally and given the same opportunities to grow professionally and perform at their best. We recognize that our employees are our greatest asset. And we are convinced that combining different perspectives, opinions, experiences, cultures and values enables us to harness the potential that will make our company even more successful. Therefore, we foster international and interdisciplinary cooperation throughout the Group.
As a global company, the variety of our markets and locations is reflected in our workforce, which includes employees from more than 150 nationalities. The Group and its operating companies design HR development programs tailored to the requirements of their respective business models and regions. One size does not fit all - we are driven by the ambition to understand and respond to unique situations and individuals.
Our management consciously opposes all forms of discrimination. This commitment extends equally to employees, business partners, and patients. We work in an atmosphere of mutual respect, where our interactions are open, fair, and appreciative. We do not tolerate insults, humiliation, or harassment in our daily work, whether internally or externally. These values are enshrined in the Fresenius Code of Conduct, which is binding for all employees. This Code clearly articulates our stance and lays the foundation for team collaboration and corporate culture.
Employee journey
We offer our employees the opportunity to develop professionally in a dynamic international environment. To this end, we use different concepts and measures for personnel development aligned with their own market structures. We constantly adapt our approaches to current trends and requirements.
Attracting and retaining outstanding talent is crucial to our success. That's why our HR development measures are rounded off by segment-specific talent management and further individual training offerings for employees and managers.
Health and Safety
As a healthcare Group, we are responsible not only for the well-being of our patients, but also for the health and safety of our employees. We have implemented management systems and measures throughout the Group to prevent employee accidents and work-related illnesses. Creating a safe and healthy working environment is our priority.
Prevention is our guiding principle; this is why we offer our employees comprehensive programs that promote their health and prevent occupational diseases.
Occupational safety concepts are adapted to the specific business models of each business segment. Our concepts focus on occupational health and safety within production, as well as occupational health management for employees in our healthcare facilities or administration.
Employee engagement and dialog
Trust and cooperation between management, employees, and employee representatives is well established at Fresenius and is an integral part of our corporate culture. We aim to support our employees in their engagement, nourish their ambitions and actively offer development opportunities. In addition, an open and ongoing dialog between management and employee representatives, as well as unions, is important to us.
In recent years, we have established various dialog formats to strengthen communication between management and employees – both at Group level and in the individual business segments. This allows the Management Board to provide employees with information on important issues personally. In addition, we promote our feedback culture and the constructive exchange of ideas.
A key tool for measuring the success of our leadership and communication initiatives is the Employee Engagement Index.
Contact
If you have any questions about sustainability, please contact us:
Fresenius Careers
What we offerer at Fresenius
Digitalization holds great promise in the areas of automation, big data and artificial intelligence (AI). The MedTech market is shifting towards a focus on connectivity and integration, moving beyond product-centric approaches. The tech paradigm shift is driven by advancements in technologies like AI, Internet of Medical Things (IoMT), and predictive analytics. The rise of new technologies is accompanied by the generation of a vast amount of real-time health data, leading to a paradigm shift in data. Health data combined with advanced analytics are key elements for the implementation of predictive, personalized, preventive, and participative medicine, an approach that will leave a mark onhealth delivery and significantly improve treatment outcomes.
Digital trends
Our markets are changing rapidly. This is particularly true with regard to digital trends in healthcare, which have been further accelerated in response to the COVID-19 pandemic. We are seeing increasing demand for new digital services along the entire value chain. Patients increasingly want to receive remote diagnosis and healthcare services on demand. Data-driven decision-making is increasingly integrated into everyday clinical practice, and the proportion of digital components in medical devices is growing. The associated cybersecurity risks also highlight the need for standardized and resilient IT infrastructures.
Digital processes and applications
We develop devices and applications in various medical fields to support ongoing digitalization, for example, in hospitals. These solutions not only have to be optimized in their core functions, but need to be embedded into the specific IT systems of healthcare facilities. To this end, we will continue to focus on increasing the share of software in medical technology and its application area.
Digital solutions are continuously being developed along the entire value chain to make internal work processes more efficient and simplify them. In various areas, such as compliance, supply chain, purchasing, and production, we are increasingly relying on intelligent automation and AI to improve business processes in administrative functions, e. g., by using chatbots, intelligent document processing, or recommendation and prediction applications. We have already implemented various solutions and identified potential savings that can be successively realized. Since September 2023, a chatbot has been supporting the global IT service desk, through which IT problems can be reported and, in some cases, resolved directly.
Innovation
The Fresenius Group sees innovations as a driver for aligning products and services with the changing needs of patients, for consistently improving them, and for continuously adapting them to the respective market conditions. The aim is to offer patients high-quality, safe, and innovative products on a global basis.
We pursue an integrated approach to innovation: it takes place along our value chain on key topics. Innovation leads to:
- Improved access to healthcare
- Modernization and digitalization in healthcare
- Improving treatment options through research, telemedicine, and artificial intelligence
In this way, we aim to strengthen our position with a focus on innovation in the healthcare sector, recognizing the importance of the services of our employees they provide to society.
We increasingly focus on the opportunities offered by digital solutions. Through innovative, safe, and user-friendly products and systems, we can further improve the quality and efficiency of treatments.
Contact
If you have any questions about sustainability, please contact us:
sustainability@fresenius.com