Connected medical devices have revolutionized access to healthcare solutions all over the world, and many of us are thankful for it. They offer various advantages, including enabling more proactive and more patient-centered care for vulnerable populations, such as the chronically ill and the elderly. More and more of these devices have become accessible, and their adoption is forecast to keep rising in the coming years. This year, for instance, it is believed that:
- The healthcare sector will take up 40% of the IoT technology industry.
- According to the IDC, there could be 82.5 million wearable medical devices sold, which marks a 31% increase from 2016.
- The average person will have 5 or more connected devices, some of which will be used for connected health.
Consumers and medical professionals alike are also warming to the idea of using these devices. According to market data:
- 80% of physicians are already using their smartphones in their professional practice.
- 68% of physicians believe that at-home diagnostic tests can deliver better results for their patients.
- 55% of people are open to sharing information if it helps cut back on their healthcare costs.
- 50% of people feel comfortable about digitally communicating with their doctors.
However, connected medical devices come with significant security risks. The ‘Cybercrime tactics and techniques: the 2019 state of healthcare’ report from Malwarebytes Labs found that the medical sector is the 7th most targeted global industry, as per data gathered from October 2018 to September 2019. There are many possible reasons for this, foremost of which are the healthcare industry’s large EHR databases, the high number of endpoints and other devices connected to one network, and the absence of a comprehensive and sophisticated security model. And when healthcare data is compromised, it can mean anything from a disruption in critical procedures to patient death.
Manufacturers of connected medical devices must thus make sure that security-by-design is among their topmost priorities.
How to Design Secure Connected Medical Devices
Adopting the right design principles and approach will go a long way towards securing connected medical devices. Today’s manufacturers must take several factors into account to provide holistic protection for consumer data, establish protocols for disaster recovery and other emergency events, and proactively detect and resolve threats and issues. Two of the most important aspects are as follows.
Identifying Requirements
Designing security into wearables and other medical devices should start with a comprehensive definition of requirements. The National Institute of Standards and Technology has a cybersecurity framework, which is recommended by the FDA for premarket guidance, that lists best practices for identifying, protecting, detecting, responding to, and recovering from cybersecurity threats. Additionally, manufacturers should design according to desired security properties, as opposed to available implementation solutions.
Choosing the Right Components
Once cybersecurity requirements are managed, the next step in the design phase is the selection of the right components. The architecture, for instance, must be geared towards using the fewest interfaces possible, to mitigate vulnerabilities that crop up even in strong perimeter defenses. Partitioning of interfaces is also ideal, such as that provided by separation kernels and real-time operating systems. Similarly, device privileges must be managed so that critical software services are not compromised if a breach does happen.
Voler Systems specializes in designing and manufacturing wearables and IoT devices that mitigate various risks to ensure lasting functionality for product suppliers and consumers. For four decades, we have combined clear and complete specifications and effective risk management with our team of senior design engineers to deliver products that are on-budget, on-time, and low-risk. Visit www.volersystems.com to learn more.