Securing Wireless Medical Devices

Brian Buntz

June 12, 2013


On June 13, FDA released draft guidance proposing that the device industry prioritize safeguarding against cybersecurity threats. In a way, the draft guidance did not come as a surprise. There was already substantial evidence of growing concern about the security of wireless medical devices, as reported by the United States Government Accountability Office in 2012. The report explains that something as simple as not including assigned user profiles and password protection is one of the most common ways devices become affected by malicious attacks. This means sensitive information such as a patient's Social Security number or credit card number could be easily stolen.

Life-saving or life-sustaining devices such as insulin pumps and pacemakers could also be at risk of attack. In 2011, Medtronic requested the help of online security professionals to patch a security flaw that could allow an unauthorized user to inject one of its patients with deadly amounts of insulin.

It is apparent that as mobile hardware becomes commonplace in the medical industry, there is a strong need to protect these devices with the proper security software and firewalls. In particular, designers and manufacturers of wireless medical devices need to know about strategies for improving the security of those devices. This includes focusing on developing improved firewalls or creating unique identification codes for the various medical devices. The device industry would do well to study how Unique Identification Marking, which was mandated in 2005, has been used in the U.S. military.

When it comes to security for wireless medical devices, there are a variety of promising technologies being improved, tested and implemented. Some of these include:

  • Improved RFID tracking of devices, which can help prevent product or data loss that could be worth millions of dollars. 

  • Protecting sensitive patient and medical data. This means implementing security measures such as deep data encryption, a strong VPN and a focus on IP-SSL measures for wireless connections. While these are obviously not new measures, they still comprise vital parts of a multi-layered security strategy.

  • Creating unique codes that are specific to a certain patient, much like the unique passwords and login information that can be created for a computer. Such technology is being created at the University of Toronto. It makes a specialized codec based on the patient's heartbeat rhythm to keep defibrillators implanted in the patient even safer.

  • Creating lightweight but strong firewalls on top of the OS to improve the security of wireless medical devices. As stated earlier, research into firewalls is integral for any wireless medical device. There are healthcare-specific firewalls, and even the security experts at McAfee offer medical-specific firewalls for wireless medical devices.

The topic of security for medical device applications will be featured in the Medical Design & Manufacturing Conference series. Speakers vary depending on which conference is attended. At MD&M West, the next conference being on February 10 through 13, 2014 in Anaheim, California, speakers include Stanton J. Rowe, Corporate Vice President, Advanced Technology and Chief Scientific Officer for Edwards Lifesciences. MD&M East, which will be June 18 through 20, 2013 at the Pennsylvania Convention Center in Philadelphia, Pennsylvania, will have key guest speaker Tor Alden of HS Design talking about the importance of medical device advancement. Regardless, all of the conferences emphasize new concerns growing within the industry and how these concerns can be addressed with the right kind of technology and implementation of new industry standards.
