Smart Medical Devices are the Wave of the Future
Smart medical devices are increasingly part of how specialized treatment is delivered to patients today. These devices are revolutionizing medicine, making procedures more accessible and enabling physicians to better monitor how patients respond to treatment. In this blog we discuss the security challenges involved in deploying smart medical devices, from surgical robots to insulin pumps and pacemakers.
We are Already Starting to See the Benefits
One of the significant benefits of telemedicine is immediate remote access to medication in life-threatening situations. Pacemakers that doctors can remotely monitor and maintain to identify problems before a heart attack occurs, and insulin pumps that can be adjusted wirelessly, giving patients more control and better care, are already a reality. So are robotic-assisted surgeries, which, according to the Mayo Clinic, allow doctors to perform many types of complex procedures with more precision, flexibility and control than is possible with conventional techniques.
Looking forward, remote surgeries will soon be commonplace. Imagine a doctor conducting surgery on a patient with a surgical robot without being present other than sending the instructions to the robot securely. That is the telemedicine of tomorrow powered by the Internet of Things (IoT) and smart medical devices. Internet of Medical Things (IoMT) or healthcare IoT has the potential to significantly disrupt the healthcare industry.
With the Benefits Come Security Concerns
Smart medical devices are being deployed at a rapid pace, which means that security, privacy, and safety concerns need to be addressed now. Deloitte surveyed 237 medical technology leaders to learn how the IoMT is disrupting their role in healthcare. More than half (51%) of respondents said they are implementing new business models to drive innovation and sales. The study also found that the IoMT market is expected to reach $158 billion by 2022. But are smart medical devices digitally safe? With ever-increasing numbers of these devices being deployed, one has to wonder:
- Can we trust these devices to be legitimate?
- Are they being authenticated and authorized?
- Will they perform their tasks as prescribed?
- Is patient data and privacy always protected?
How to Make Smart Medical Devices Secure
Deploying smart medical devices with confidence requires that the integrity of the devices, the software they run, and the data they collect be maintained across the entire system. It also requires that those responsible for delivering the services remain in control of the processes at all times. To secure the increasing number of connected smart medical devices, the following procedures need to be in place:
1. As with any other connected device, smart medical devices receive their initial identity in the form of a digital certificate, when they are first manufactured, and this manufacturing process must be controlled and certified to avoid counterfeiting.
2. Once these devices are brought into the ecosystem of the healthcare organization, the organizations must use their digital certificates to identify and authenticate the devices before they are calibrated to perform their intended functions.
3. To enable continued trust once the devices become operational, software updates must all be digitally signed. This ensures the integrity of the code and protects against unauthorized injection of malware.
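The three steps above, sketched with the OpenSSL command line as an added example (not code from Device Authority or nCipher). The CA name, the device name `pump-0001`, the file names and the helper functions are all constructed for illustration, and step 2 additionally assumes the device proves possession of its private key by signing a fresh nonce.

```bash
#!/usr/bin/env bash
# Constructed demo: every key, certificate, name and file is generated locally.
set -eu
WORK=$(mktemp -d)
q() { "$@" >/dev/null 2>&1; }   # run a command quietly, keep its exit status

# Step 1: at manufacture, a (constructed) manufacturer CA issues the device certificate.
provision_device() {
  q openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Manufacturer CA" \
      -keyout "$WORK/ca.key" -out "$WORK/ca.crt"
  q openssl req -newkey rsa:2048 -nodes -subj "/CN=pump-0001" \
      -keyout "$WORK/dev.key" -out "$WORK/dev.csr"
  q openssl x509 -req -in "$WORK/dev.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
      -CAcreateserial -days 30 -out "$WORK/dev.crt"
}

# Step 2: before calibration, check that the certificate chains to the manufacturer CA
# and that the device holds the matching private key (it signs a fresh nonce).
authenticate_device() {  # $1 = device cert, $2 = device private key (stays on the device)
  q openssl verify -CAfile "$WORK/ca.crt" "$1" || return 1
  openssl rand -hex 16 > "$WORK/nonce"
  q openssl dgst -sha256 -sign "$2" -out "$WORK/nonce.sig" "$WORK/nonce" || return 1
  openssl x509 -in "$1" -pubkey -noout > "$WORK/dev.pub"
  q openssl dgst -sha256 -verify "$WORK/dev.pub" -signature "$WORK/nonce.sig" "$WORK/nonce"
}

# Step 3: the vendor signs each update; the device installs only if the signature verifies.
sign_update() {    # $1 = firmware image; writes the detached signature to $1.sig
  [ -f "$WORK/fw.key" ] || q openssl genpkey -algorithm RSA \
      -pkeyopt rsa_keygen_bits:2048 -out "$WORK/fw.key"
  openssl pkey -in "$WORK/fw.key" -pubout -out "$WORK/fw.pub"
  openssl dgst -sha256 -sign "$WORK/fw.key" -out "$1.sig" "$1"
}
verify_update() {  # $1 = firmware image, $2 = detached signature
  q openssl dgst -sha256 -verify "$WORK/fw.pub" -signature "$2" "$1"
}

# Walk through the flow once with a constructed firmware image.
provision_device
printf 'constructed firmware v2\n' > "$WORK/fw.bin"
sign_update "$WORK/fw.bin"
authenticate_device "$WORK/dev.crt" "$WORK/dev.key" && echo "device authenticated"
verify_update "$WORK/fw.bin" "$WORK/fw.bin.sig" && echo "update accepted"
printf 'x' >> "$WORK/fw.bin"   # simulate modification in transit
verify_update "$WORK/fw.bin" "$WORK/fw.bin.sig" || echo "modified update rejected"
```

In a real deployment the CA and firmware-signing private keys would be held in an HSM rather than in files, and the device would check certificate revocation as well as the chain.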
Securing Medical Devices and Patient Safety
Are smart telemedicine devices and applications secure enough for patient safety? So far, the cybersecurity model has evolved as an afterthought, heavily focused on detect-and-respond methods more than a prevent-and-protect approach. Everyone knows that there are shortcomings in today’s cybersecurity landscape, which is why security breaches continue to rise irrespective of technology advancements and billions of dollars invested. The current IT security models continue to fail, and still focus on data losses and access to services rather than on safety. IoMT goes beyond security and must also consider patient safety.
Imagine a healthcare device you are using is under a hacker’s control. Could they send a lethal dose of medication to your medical device? In August 2017, the FDA announced the first-ever recall of a medical device (a pacemaker) due to cyber risk. In July 2015, the FDA issued an alert highlighting cyber risks related to infusion pumps. To ensure the safety of patients and protect the privacy and integrity of the data, the FDA released a new guidance that addresses the steps manufacturers must follow in order to protect smart medical devices and data against cyberattacks. IoMT is calling for a new security model with a Secure by Design approach, one that from the very beginning is based on a Root of Trust.
Addressing the security challenges for telemedicine and smart medical devices
The security for smart medical devices and the broader ecosystem starts with the right foundation of trust based on verifiable device identities through a robust public key infrastructure (PKI). The typical steps involved in securing a medical device are:
- Provisioning and managing device identity and integrity at IoT scale (hundreds of thousands of devices, with the potential for millions)
- Implementing end-to-end data security / privacy independent of the network
- Providing assurance that all the parties (devices, people and applications) involved in delivering the service are authenticated and authorized
The unique need for healthcare, or for any security-conscious smart device, is the ability to couple Device Trust and Data Trust. If the device and the data it collects can’t be trusted, there is no point in wasting resources collecting it, analyzing it and, worst of all, making decisions and sending the wrong controls. Imagine a doctor or clinician setting the wrong dose of medication on a connected healthcare device.
Securing the telemedicine eco-system and patient safety
Device Authority and nCipher Security are helping secure medical devices. Our joint Healthcare IoT Security Blueprint provides the requirements, components and guidelines for secure and safe deployment of IoT technologies in healthcare. As a leading provider of secure identity and access management solutions, Device Authority enables end-to-end security architectures that scale to meet today’s demands. The KeyScaler Platform provides trust for medical and other IoT devices using breakthrough Dynamic Device Key Generation (DDKG) and PKI Signature+ technology. Integrating with nCipher’s nShield Hardware Security Modules (HSMs), the combined solution protects and manages critical cryptographic keys that form the root of trust for the entire ecosystem.
To learn more about securing connected devices, including how to design and deploy scalable credential management systems with a root of trust, visit us at LiveWorx – Boston 2019 (Booth No. 833) and register to attend our live conference sessions:
- What if your smart connected product gets hacked? – Five tips for securing the IoT and smart connected products
- Doctor, is my medical device safe? – IoT security in healthcare and beyond
- Cyber Security and Cyber Safety for the Internet of Things