Security of connected medical devices
Connected devices have the potential to transform almost every aspect of medical care. Developments such as automation, enhanced monitoring and analytics, and increased patient safety promise major benefits to the healthcare industry. But there are risks to consider.
While security should always be on the list of product development considerations, it becomes more of a priority when the connected device has a direct impact on someone’s medical care.
An insecure smart lightbulb in the home could hand control of a smart home to hackers, but the potential damage is unlikely to be too great. In contrast, an insecure blood glucose monitor could hand over control of a person’s medical condition. In the worst-case scenario, poor security of a medical device could be life-threatening.
Security, then features
The best strategy for baking security into any connected product is to decide on the required security level first, then design the features with that requirement in mind. If you take a feature-first approach to product development, it can be hard to retrofit appropriate security later. Chasing cool features can also lead you to choose frameworks or tools that end up dictating your development methodology, which increases the risk of shipping vulnerabilities you never planned for.
When it comes to healthcare devices that deal with sensitive information, this approach isn’t just sensible, it’s critical.
Two things need protecting: the device itself, so that its operation and the data it records cannot be influenced from outside; and the data, so that what the medical professionals see is exactly what the device recorded, and that nobody other than those professionals sees it.
Connected medical devices
Medical devices need to be built to a high standard to meet the demanding expectations from patients and medical staff. When adding connectivity, what’s inside the device must be as robust as the physical casing.
Data collection needs to be error-free and protected from tampering, and any data held on the device must be encrypted at rest so that it cannot be read if the device is lost or stolen.
If a data-gathering sensor is hacked, that could prove a problem for diagnosis. But if the sensor is actively feeding back data to a device that administers medication, the consequences are much more severe.
Secure data transfer
Most medical devices are small, so they will typically need to transfer data frequently, either to the user's phone or directly to the cloud. That transfer must be encrypted with keys established through strong, authenticated key agreement. Bluetooth Low Energy supports this through LE Secure Connections, which uses elliptic-curve Diffie-Hellman pairing; note, however, that the older legacy pairing, and the "Just Works" association model in either mode, give no protection against an active attacker on the radio link.
The initial commissioning of the device, connecting it to a patient's phone or to the cloud in the patient's name, is a key part of the process and needs to be both secure and simple. To make it secure, some Out-Of-Band (OOB) communication is needed so that an attacker on the radio link cannot hijack the device with a Man In The Middle attack: the OOB channel carries the values that let each side confirm that the public key it heard over the radio really belongs to the other device. The OOB step can be done through key input (a passkey), but an easier way is NFC. You simply touch the units together, with no cumbersome menu or OS actions.
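As an added example (not code from the original article), here is a runnable model of the exchange just described, with both sides' messages and an attacker on the radio link. It is a simplified model of the Bluetooth LE Secure Connections OOB association model, not an implementation of the Bluetooth specification: finite-field Diffie-Hellman over RFC 3526 group 14 and HMAC-SHA256 stand in for the spec's P-256 ECDH and its AES-CMAC based f4/f5 functions, and the device names, addresses and message layout are assumptions.

```python
"""Out-of-band (OOB) authenticated pairing, modelled end to end.

Added example, not code from the original article. Simplified model of the
Bluetooth LE Secure Connections OOB flow, not the Bluetooth spec: finite-field
Diffie-Hellman (RFC 3526 group 14) and HMAC-SHA256 stand in for P-256 ECDH and
the AES-CMAC based f4/f5 functions. Names, addresses and layout are assumptions.
"""
import hashlib
import hmac
import secrets

# RFC 3526 MODP group 14: 2048-bit prime, generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
LEN = 256  # bytes needed for a fixed-length encoding of a group element


def enc(n: int) -> bytes:
    """Fixed-length big-endian encoding of a group element."""
    return n.to_bytes(LEN, "big")


class Party:
    """One end of the pairing: the sensor or the patient's phone."""

    def __init__(self, name: str, addr: bytes):
        self.name = name
        self.addr = addr                          # 6-byte address (constructed)
        self.priv = secrets.randbelow(P - 2) + 1  # private DH exponent
        self.pub = pow(G, self.priv, P)           # public value, sent over the radio
        self.rand = secrets.token_bytes(16)       # 128-bit random r
        self.peer_pub = None
        self.peer_oob = None

    def oob_data(self):
        """What this party puts in its NFC tag: address, r, and a commitment to
        its own public value. An attacker relaying the radio never sees this."""
        confirm = hmac.new(self.rand, enc(self.pub) + self.addr, hashlib.sha256).digest()
        return self.addr, self.rand, confirm

    def receive_oob(self, oob):
        self.peer_oob = oob

    def receive_pub(self, pub: int):
        self.peer_pub = pub

    def verify_peer(self) -> bool:
        """True if the public value heard over the radio is the one the peer
        committed to over NFC; False means a man-in-the-middle swapped it."""
        addr, rand, confirm = self.peer_oob
        expected = hmac.new(rand, enc(self.peer_pub) + addr, hashlib.sha256).digest()
        return hmac.compare_digest(expected, confirm)

    def derive_ltk(self) -> bytes:
        """Long-term key from the DH shared secret, bound to both addresses and
        randoms (a stand-in for the spec's f5 function)."""
        shared = pow(self.peer_pub, self.priv, P)
        peer_addr, peer_rand, _ = self.peer_oob
        salt = b"".join(sorted([self.addr + self.rand, peer_addr + peer_rand]))
        return hmac.new(salt, enc(shared), hashlib.sha256).digest()


def run_pairing(mitm: bool = False, check_oob: bool = True):
    """Run one commissioning. Returns (accepted, keys_match): whether both sides
    passed their checks, and whether they ended up with the same LTK.
    mitm=True puts an attacker on the radio who substitutes their own public
    value in both directions; the NFC tap is out of the attacker's reach.
    check_oob=False models an unauthenticated ("Just Works") pairing."""
    sensor = Party("glucose-sensor", bytes.fromhex("c0ffee000001"))
    phone = Party("patient-phone", bytes.fromhex("c0ffee000002"))

    # Step 1: NFC tap, OOB data exchanged in both directions.
    sensor.receive_oob(phone.oob_data())
    phone.receive_oob(sensor.oob_data())

    # Step 2: public values over the radio, possibly through an attacker.
    if mitm:
        attacker = Party("mitm", bytes.fromhex("bad000000000"))
        sensor.receive_pub(attacker.pub)
        phone.receive_pub(attacker.pub)
    else:
        sensor.receive_pub(phone.pub)
        phone.receive_pub(sensor.pub)

    # Step 3: each side checks the radio value against the NFC commitment.
    if check_oob and not (sensor.verify_peer() and phone.verify_peer()):
        return False, False

    # Step 4: key derivation on both sides.
    return True, sensor.derive_ltk() == phone.derive_ltk()


if __name__ == "__main__":
    print("honest, OOB checked:", run_pairing())                          # (True, True)
    print("MITM, OOB checked  :", run_pairing(mitm=True))                 # (False, False)
    print("MITM, no OOB check :", run_pairing(mitm=True, check_oob=False))  # (True, False)
```

The three runs at the bottom show why the OOB step matters: an honest exchange yields one shared long-term key; with a man-in-the-middle substituting public values, the NFC commitment check fails and pairing is rejected; and if the commitment check is skipped (the equivalent of a Just Works pairing) both sides complete happily, each holding a key shared with the attacker rather than with each other.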
Safe data storage
Once the data is in the cloud, it must be protected both from hackers and from unauthorized personnel. Access must be controlled so that only those who need to see the data can see it. Just as importantly, the stored records should be tamper-evident and append-only, so that they cannot be silently altered or deleted. The storage also needs to be compatible with whatever computer and Electronic Health Record (EHR) systems are in use.
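One way to make stored records tamper-evident, as an added example that is not part of the original article: a hash-chained append-only log whose newest hash is anchored outside the store. The record fields, the patient identifier and the idea of handing the anchor to a separate service are assumptions for illustration.

```python
"""Tamper-evident, append-only record store for readings held in the cloud.

Added example, not code from the original article. Each entry carries the
SHA-256 of the previous entry, so changing, reordering or removing a record
breaks the chain. A chain alone cannot detect removal of the newest entries,
so the latest head hash is anchored outside the store (assumed here to be
handed to a separate service or a signed audit log) and verification checks
against that anchor. The record fields are assumptions for illustration.
"""
import hashlib
import json

GENESIS = "0" * 64


def _canon(record: dict) -> str:
    """Deterministic encoding so the same record always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def _entry_hash(prev: str, record: dict) -> str:
    return hashlib.sha256((prev + _canon(record)).encode()).hexdigest()


class ReadingLog:
    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> str:
        """Append a record and return the new head hash (the anchor)."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"record": dict(record), "prev": prev, "hash": _entry_hash(prev, record)}
        self.entries.append(entry)
        return entry["hash"]

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self, anchored_head: str):
        """Walk the chain from genesis and compare the end against the anchor.
        Returns (ok, reason)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev:
                return False, f"entry {i}: chain broken (earlier entry removed or reordered)"
            if e["hash"] != _entry_hash(prev, e["record"]):
                return False, f"entry {i}: record altered"
            prev = e["hash"]
        if prev != anchored_head:
            return False, "head mismatch: newest entries removed or anchor stale"
        return True, "ok"


def demo():
    """Constructed readings; returns the verification result of each scenario."""
    readings = [
        {"patient": "P-0001", "ts": "2024-03-01T08:00:00Z", "mg_dl": 104},
        {"patient": "P-0001", "ts": "2024-03-01T08:05:00Z", "mg_dl": 131},
        {"patient": "P-0001", "ts": "2024-03-01T08:10:00Z", "mg_dl": 156},
    ]
    log = ReadingLog()
    for r in readings:
        anchor = log.append(r)  # the last value returned is what gets anchored
    results = {"intact": log.verify(anchor)}

    # Edit a value in the middle of the chain.
    log.entries[1]["record"]["mg_dl"] = 99
    results["altered"] = log.verify(anchor)
    log.entries[1]["record"]["mg_dl"] = 131

    # Quietly drop the newest reading: only the external anchor catches this.
    dropped = log.entries.pop()
    results["truncated"] = log.verify(anchor)
    log.entries.append(dropped)

    # Drop a reading from the front: the chain itself catches this.
    del log.entries[0]
    results["removed"] = log.verify(anchor)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} {outcome}")
```

Access control still has to be enforced separately; the chain only guarantees that whoever does get write access cannot change history without it showing up at the next verification.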
There are also specific regulations to consider. In the USA, the Federal Communications Commission (FCC) will need to be satisfied that devices using radio frequencies don’t cause interference or other problems. The Food and Drug Administration (FDA) is also an important hurdle to clear.
If developing a product that you hope to sell internationally, checking legislation with each country’s healthcare and ICT bodies is a wise first step.
Who owns the data?
As well as addressing security concerns, ethical issues around patient privacy must also be considered. If a doctor attaches a sensor to a patient, the patient needs to be told exactly what it is monitoring, and the sensor must not monitor more than it needs to.
In certain cases, if a doctor thinks a patient may not be telling the truth, it might seem desirable to monitor, for example, the patient's location in secret. This would effectively be spying on the patient and would be illegal in most countries.
Likewise, the question of whether the patient has access to the data that is being produced needs to be answered. Until relatively recently, patients had no legal right to view the notes their health professionals made about them. Nowadays, laws have changed around the world to allow this. But is the raw data from a monitor something that a patient should be allowed to access? The answers to such questions aren’t yet clear.
The potential for connected medical devices to improve the lives and outcomes of patients is huge if security and privacy are dealt with appropriately. If you decide upon the security level first and design the features around that, you increase the chances of creating a truly secure product.