February 13, 2019

“Doctor, Is my Treatment Secure?” – Ensuring Your Medical Devices Keep you Safe


Smart Medical Devices are the Wave of the Future

Smart medical devices are increasingly part of how specialized treatment is delivered to patients today. These devices are revolutionizing medicine, making procedures more accessible and enabling physicians to better monitor how patients respond. In this and the accompanying blog written by Rao Cherukuri, CTO from Device Authority, we discuss the digital security challenges involved in deploying a whole gamut of smart medical devices, from surgical robots to embedded insulin pumps and pacemakers, to name a few.

According to an article in the Journal of Bioengineering & Biomedical Science:

A “smart” device is … an electronic device generally connected to other devices or networks via different protocols (e.g. BlueTooth, WiFi) that can operate to some extent interactively and autonomously. … An alternative terminology for describing new trends in medical device technology may be that of “adaptive”; for it connotes the ability of the medical device to proactively adjust to new conditions or measures.

Smart medical devices are being deployed at a rapid pace; you can find further details on market growth in Rao’s blog. That pace means security, privacy, and safety concerns need to be addressed.

Are Smart Medical Devices Digitally Safe?

With ever-increasing numbers of smart medical devices being deployed, one has to wonder:

  • Can we trust these devices to be legitimate?
  • Are they being authenticated and authorized?
  • Will they perform their tasks as prescribed?
  • Are patient data and privacy always protected?

How to Make Smart Medical Devices Secure

Deploying smart medical devices with confidence requires that the integrity of devices, the software they run, and the data they collect is maintained across the entire system. It also requires that those responsible for delivering the services remain in control of the processes at all times. The following procedures need to be in place to secure the increasing number of connected smart medical devices:

  1. As with any other connected device, smart medical devices receive their initial identity in the form of a digital certificate when they are first manufactured. This manufacturing process must be controlled and certified to avoid counterfeiting.
  2. Once these devices are brought into the ecosystem of the healthcare organization, the organization must use the devices’ digital certificates to identify and authenticate them before they are calibrated to perform their intended functions.
  3. To enable continued trust once the devices become operational, software updates must all be digitally signed. This ensures the integrity of the code and protects against unauthorized injection of malware.
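
The three steps above can be walked through with the OpenSSL command line. This is an added example, not code from nCipher or Device Authority; the file names, the device name and the use of a separate firmware-signing key are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration with throwaway keys and constructed names; not vendor tooling.
CNF='[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n'
newkey() { openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }

# Step 1 (manufacturing): the manufacturer CA issues the device certificate.
# Assumption: a separate manufacturer key (fw.key) signs firmware releases.
provision_device() {  # $1 = working directory, $2 = device name
  printf '%b' "$CNF" > "$1/req.cnf"
  newkey "$1/ca.key" && newkey "$1/dev.key" && newkey "$1/fw.key" || return 1
  openssl pkey -in "$1/fw.key" -pubout -out "$1/fw.pub" || return 1
  openssl req -x509 -new -config "$1/req.cnf" -key "$1/ca.key" -days 1 \
    -subj "/CN=Example Manufacturer CA" -out "$1/ca.crt" || return 1
  openssl req -new -config "$1/req.cnf" -key "$1/dev.key" \
    -subj "/CN=$2" -out "$1/dev.csr" || return 1
  openssl x509 -req -in "$1/dev.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/dev.crt" 2>/dev/null
}

# Step 2 (onboarding): check that the certificate chains to the trusted CA, then
# have the device prove possession of its private key by signing a fresh nonce.
authenticate_device() {  # $1 = dir, $2 = trusted CA cert, $3 = device cert, $4 = device key
  openssl verify -CAfile "$2" "$3" >/dev/null 2>&1 || return 1
  openssl rand -hex 32 > "$1/nonce"                                   # verifier
  openssl dgst -sha256 -sign "$4" -out "$1/nonce.sig" "$1/nonce"      # device
  openssl x509 -in "$3" -pubkey -noout > "$1/dev.pub"                 # verifier
  openssl dgst -sha256 -verify "$1/dev.pub" -signature "$1/nonce.sig" \
    "$1/nonce" >/dev/null 2>&1
}

# Step 3 (operation): an update is accepted only if its detached signature
# verifies against the firmware public key pinned on the device.
sign_update() {    # $1 = dir holding fw.key, $2 = update file
  openssl dgst -sha256 -sign "$1/fw.key" -out "$2.sig" "$2"
}
verify_update() {  # $1 = dir holding fw.pub, $2 = update file
  openssl dgst -sha256 -verify "$1/fw.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
}
```

Each function returns a non-zero status on failure, so a certificate from an untrusted CA, a certificate presented without its matching private key, and a modified update file are all rejected.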

Securing Medical Devices and Patient Safety

nCipher Security and our nFINITY partner, Device Authority, are helping secure medical devices. Our joint Healthcare IoT Security Blueprint provides the requirements, components and guidelines for secure and safe deployment of IoT technologies in healthcare. As a leading provider of secure identity and access management solutions, Device Authority enables end-to-end security architectures that scale to meet today’s demands. The company’s KeyScaler Platform provides trust for medical and other IoT devices using breakthrough Dynamic Device Key Generation (DDKG) and Public Key Infrastructure (PKI) Signature+ technology. Integrating with nCipher’s nShield Hardware Security Modules (HSMs), the combined solution protects and manages critical cryptographic keys that form the root of trust for the entire ecosystem.

To learn more about securing connected medical devices, including how to design and deploy scalable credential management systems with a root of trust, register here for our joint webinar on 19 February: “Cyber Security vs. Cyber Safety – Are Medical Devices Secure and Patients Safe?”

Follow nCipher on Twitter, LinkedIn, and Facebook, and follow me on Twitter @AsenjoJuan.

WRITTEN BY
Juan Asenjo