Team Discussion
Connected medical devices, as part of the Internet of Medical Things (IoMT), are becoming increasingly prevalent. These devices hold the potential to greatly improve the user experience, support patient adherence and provide a wealth of data both on treatment management as well as device use.
From connected insulin pens to automated drug delivery devices and wearable smart health watches, connected medical devices are increasingly becoming a part of everyday life. As implied in their name, these appliances are those with communication and/or technological interface capacity beyond their basic independent function. Essentially, they are medical devices with added connectivity.
A medical device with connectivity features is not necessarily part of the IoMT, as the ‘internet’ aspect is still missing. However, it is a major step in that direction.
There are a myriad of benefits to medical device connectivity, including:
Connected medical devices are poised to solve challenges the healthcare industry is facing
When discussing medical device connectivity, there are both wired and wireless options. Compared with wired technology, there isn’t a ‘most popular’ wireless option, though there are many great technologies relevant to different use cases. In contrast, the most favoured wired technology, Ethernet, has been the international standard since 1983 and takes care of nearly everything we need: security (IEEE 802.1X), power distribution (IEEE 802.3at), quality service (IEEE 802.1Q) etc. It’s reliable, high-performance and low-cost. However, a physical cable must always be attached to the device. This is evidently not desirable for wearable devices, as inconvenience to the patient is a major drawback.
When moving from physical cable connectivity for connected devices to wireless technology, ensuring data and cybersecurity for connected medical devices becomes more of a challenge. Most wireless communication methods support around a 100m communication range, and it can be difficult to guarantee there will be no external attacks. Thanks to the wireless technology standardisation organisation, however, many security concerns have already been taken into consideration. For example, WIFI (IEEE 802.11) includes wired equivalent privacy and WI-FI protected access, while Bluetooth (IEEE 802.15.1) and Zigbee (IEEE 802.15.4) adopt AES to encrypt every single packet sent.
The choice of medical device connectivity method is generally based on a trade-off between its communication range, power consumption and cost. In short, the longer the range supported, the more expensive it will be; the higher the data rate supported, the more power hungry. Depending on the designed usage, the network topology and protocol stack used may also be taken into consideration.
MagicPol, a connected smart Calpol syringe developed by Team, incorporating medical device connectivity to help parents keep track of children’s medication.
Properly managed connected medical devices offer significant value to businesses and patients alike
After a connectivity method has been enabled on a medical device, deciding how to get it connected to the internet may be the next step.
The benefits of collecting device data via the internet are widely acknowledged, but there are also concerns around potential connected medical device security threats. Patients, healthcare professionals and device designers want to ensure that data is safely stored and shared, but many fear that once a device is connected to the internet, it will be vulnerable to attack.
The concern is understandable, though not always well-founded. In the cloud, we can develop algorithms to constantly monitor the state of the device, allowing us to detect if the device has been attacked or compromised, and to put necessary safety measures in place. This constant connection also allows us to manage the connected health device’s firmware, security risk and health status, therefore reducing the maintenance cost.
Without adequate controls, connectivity opens devices up to misuse, hacking and other risks. Let’s explore three of the main risks and concerns around the security of connected medical devices.
The biggest inherent risk to an electronic medical device is the exposure and subsequent theft of data. Stolen personal medical data can be used for identity theft and for blackmailing organisations. Aside from the obvious potential for patient distress, this poses serious risk of reputational and financial damage to the manufacturers of the medical devices and to the organisations holding the data.
Within the medical device and diagnostic sector, these vulnerabilities are mostly large scale attacks aimed at the connected servers, rather than targeted on a device by device basis. This is likely due to the economies of scale gained from breaching a server rather than the more time-consuming task of interacting with each device to gain data.
However, many products do not encrypt patient data prior to network communications, or fail to authenticate the network itself. This makes them vulnerable to attacks where imposters can detect any unencrypted data, to build up patient profiles using patient IDs and other sensitive health information. Such data could then be linked to data gathered through a server breach.
Unauthorised control of connected medical devices can arise from a lack of robustness in user accounts and password settings, or, in extreme cases, attacks where hackers pretend to be your server and therefore gain access to the device. Weak connected medical device security in hospital networks – for example, to allow for remote maintenance monitoring – can expose data to hackers. Examples, such as anaesthetic machines and infusion pumps, show that network connection can allow control to be taken over for malicious purposes – potentially turning off alarms or changing doses of medications.
A particular risk group are medical implants with short range radio connections to allow monitoring and settings adjustment. Some of these radio connections have been shown to be vulnerable, allowing attackers nearby to modify or intercept data transfer and inject data into the device.
In the worst case, devices such as pacemakers could be hijacked to deliver an unnecessary shock to the patient, causing harm. Although no attacks of this nature have been reported to date, a software update recall was announced for one brand of wireless pacemaker in 2017 by the FDA.
A more crude, but potentially devastating, attack technique is to completely switch off a medical function or service. This type of attack could directly impact patient treatment, or be used as an act of criminal blackmail to illicit payment. This is exemplified by a 2017 attack when MRI systems in a US radiology department were infected with ransomware, highlighting the life-or-death risks surrounding cybersecurity for connected medical devices.
Distributed Denial of Service (DDoS) attacks are also becoming a growing concern, with the security of connected medical devices at significant risk as a result. In such attacks, a hacker overwhelms a network by sending it a large number of requests and therefore prevents legitimate use.
Despite evident risks, these threats are not an inevitable cost of medical device connectivity; there are many design choices and mitigating steps which can be taken to improve the resilience to cyber-attacks.
Effective cybersecurity is not something that can be retrospectively bolted onto a medical device – security risks need to be mitigated as design activities during development. This includes adopting best practice for passwords, effective encryption of data, authentication of communications, and following the latest security regulations and best practices.
Passwords are a crucial point of vulnerability in device cybersecurity, and so the importance of robust password handling is well known. Good password hygiene practice is crucial to minimising the risk of attack, so much so that many are now recognised within device manufacturing regulations (e.g. UL-2900-1).
Password advice for connected medical device development includes:
Exposure of sensitive or personal data to unauthorised viewers risks reputational, regulatory and financial damage.
Any data stored on a device is vulnerable to extraction by hackers. The first priority in protecting data is to disable any hardware debug ports or development ‘back doors’ at point of manufacture. All stored data should be encrypted when not in use and protected by ensuring data is trusted and valid (e.g. via signature checking). Importantly, this should include the embedded firmware code which controls the device and which a hacker may seek to tamper with or replace as part of a more sophisticated attack.
Any data that can leave or enter a device is particularly vulnerable to attack. Such data should be protected by end-to-end encryption, which guards against data interception (‘eavesdropping’) or tampering to manipulate device behaviour. When using industry standard protocols that already contain encryption support – Bluetooth, for example – be sure to turn end-to-end encryption on.
All communication channels – whether to a paired sensor, smartphone, or website – should be authenticated to ensure that each connecting device is what it claims to be. This can be done through handshaking and signing protocols, which require the sharing of a known secret between two communications agents. There are established technologies in this space – such as authentication algorithms and security chips – available for adoption to support the security of connected medical devices.
There is a growing set of standards and regulatory guidance notes available to support medical device connectivity and cybersecurity development. It will become increasingly necessary to demonstrate specific cybersecurity conformances as part of the EU CE marking and FDA approval processes. Therefore, ensure your engineering teams are familiar with these standards, include them in your early requirements and risk assessments, and document all resulting design mitigations.
Be aware that there are specific sections of the General Safety and Performance Requirements in the new EU Medical Devices and In Vitro Diagnostics Regulations which specifically call out cybersecurity as requirements for these devices.
Some of the medical device specific documents in this area are:
Throughout the development lifecycle, testing a connected medical device’s cybersecurity is necessary to ensure that the security measures being taken are functioning successfully. This requires ongoing unit, integration and system level testing in preparation for formal verification at the end of development. Including security in your user and product requirements will ensure that they are overtly tested as part of your verification and validation strategy at the end of development.
Penetration testing – also known as “white-hat hacking” – by an independent security testing firm can provide reassurance that your device is secure, as well as highlighting any potential areas for improvement. This testing can also reveal any defects in non-security areas of software which could influence connected medical device security.
Once your product is on the market, you will be keeping an eye on the device as part of your post-market surveillance plan. It is crucial that this plan involves looking out for potential security flaws that are identified and providing suitable software patches for your products. Although some security flaws will be due to malicious intent, be aware of potential obsolescence of any software parts from third parties. This is especially key if your product relies on an operating system which could stop being supported by the manufacturer.
No device can ever be guaranteed 100% secure. But, by considering cybersecurity during device design, testing and post market surveillance, risks can be lowered to an acceptable level and managed successfully.
As part of the IoMT, medical device connectivity offers notable potential for new business models and revenue-generating opportunities; in fact, it is estimated that the connected health device market will reach $172.9 billion worldwide by 2030.
Connected medical devices are poised to solve the challenges the healthcare industry is facing. Improved decision-making with consistent accurate data, bottom-line savings via optimised manufacture control and greater safety via real-time reminders are just a few of the ways in which properly managed connected devices offer significant value to businesses and patients alike. The security of connected medical devices must remain a key part of the conversation. Contact us to discuss your requirements.
Looking for industry insights? Click below to get our opinions and thoughts into the world of medical devices and healthcare.
