    Safe and Secure: Ensuring the Cybersecurity of Connected Medical Devices

    The need to secure a connected medical device is critical to ensure patient safety and protect a patient’s data and personal information.

    Wayne Stewart, Director, EWA Canada, an Intertek Company
    01.02.19
    IoT security is still in its infancy. Few devices have been designed with cybersecurity in mind. Even fewer have had any independent cybersecurity testing. As a result, many people are afraid of what cybersecurity risks can exist in a device. Others may not give it a thought until something happens—when it’s too late. The healthcare industry is a growing part of the connected world as devices themselves become connected and interact with other connected products. The need to secure a connected medical device is critical to ensure patient safety and protect a patient’s data and personal information.

    General Mitigation Measures
    For any connected device, securing the ecosystem is critical. A secure ecosystem is built on a base of secure products that have undergone rigorous security evaluation against industry-accepted standards. Secure products alone are not enough. Best practices and industry-specific standards should be used to develop the security-minded processes driving the operation of a secure networking and computing infrastructure. A secure ecosystem should be monitored and maintained via regularly scheduled audits and the use of outside teams for tasks such as penetration testing, software evaluations, and hardware assessments. It is also critical to conduct regular security awareness training and ensure employees are regularly trained on security best practices.

    Independent testing and security certification of connected devices is important to demonstrate a commitment to the management of information security. It illustrates compliance with business, legal, contractual, and regulatory requirements while clearly identifying who is responsible for information assets and delineating information risk responsibilities. This independent opinion confirms controls are working as intended, offering a competitive advantage. It also outlines roadmaps for security improvement, improved operating processes, and identification of key business assets.

    While following the general mitigation methods will assist in assuring the security of the IT ecosystem, there are specific steps and considerations that will help to secure connected medical products.

    Connected Medical Devices
    When it comes to connected medical devices, there are several problems and challenges to consider. Medical device manufacturers are familiar with risk management and addressing hazards, but connected devices introduce a new form of risk: cyber risk. Following a simple model of cybersecurity can be a challenge given the deficiencies in many current assessment models. Security assessment of the cloud back-end, while critical, is not a part of many of today’s IoT security standards. These standards are designed to assess the security of the device but do not provide end-to-end assurance of cloud-based data and services. Additionally, within the communications infrastructure there is an underlying (and incorrect) assumption that the communications are secure. Simply stated, the typical scope of medical device endpoint security test/evaluation doesn’t address the complex and distributed nature of network-connected products. Security vulnerabilities in communications and back-end servers and services can result in significant cybersecurity concerns and patient hazards.

    To address these issues, connected medical devices must be evaluated to the full scope of testing for enhanced assurance, including:

    • Connectivity: Regulatory and safety compliance testing of cellular (3G, LTE, etc.) and non-cellular (Bluetooth, WiFi, Zigbee, etc.) elements.
    • Interoperability: Assurance of end-point interoperability with major operating and application platforms.
    • Security: End-to-end security of a device and its supporting back-end infrastructure based on applicable standards such as ANSI/UL 2900-2-1.

    A full scope of testing and evaluations allows a manufacturer to reassure the end user. It also provides peace of mind that a product’s interoperability with other devices and platforms is confirmed, helping ensure an ideal user experience while securing information and maintaining performance. Full-scale testing also ensures communication channels are secure, enforcing the confidentiality and integrity of data transferred between the device and IoT infrastructure. Testing the infrastructure, in turn, provides assurance that end-user sensitive data is adequately protected against unauthorized disclosure, theft of service, or other concerns.

    At the end of the day, no two medical devices are the same. It is up to the manufacturer to ensure the end-to-end security of a device, as well as cloud services. Likewise, it is up to the manufacturer to ensure risk is managed, data is protected, and the device itself is not creating a backdoor on an internal network. It is also the responsibility of the manufacturer to ensure new firmware updates can be securely deployed without creating new risks. The best way to do all of this is through regulatory standards, best practices, and independent assessment.

    Regulatory Requirements
    Recently, the U.S. Food and Drug Administration issued draft guidance that includes a recommendation for a “cybersecurity bill of materials” in all premarket submissions. This “bill” should detail the device’s software and hardware components susceptible to cyberattacks. The goal is for manufacturers to incorporate cybersecurity best practices as they design and develop medical devices and to address threats before entering the market.

    The guidance breaks medical devices into two categories: higher security risk (Tier 1) and standard security risk (Tier 2). The two categories are based on the level of potential harm to patients. It encourages the creation of “trustworthy” devices: those that are reasonably secure from intrusion and misuse and that maintain a reasonable level of availability, reliability, and functionality.

    Premarket submission for a Tier 1 device should demonstrate the device has undergone a design and risk assessment that incorporates design controls, including ways to limit access to trusted users, authentication of safety-critical commands, methods to maintain the integrity and confidentiality of data, processes to detect and respond to cybersecurity events, and compliance with all labeling recommendations for devices with cybersecurity risks. Tier 2 devices may simply include an explanation for why the draft guidance’s design controls are not appropriate for the device.

    In addition to this premarket guidance, the FDA has recognized ANSI/UL 2900-2-1 for connected medical devices. Adopted in 2017, it applies to network-connectable products and requires they be evaluated and tested for vulnerabilities, software weaknesses, and malware. The standard does not contain any functional requirements for the product. Instead, it imposes three broad sets of requirements upon the vendor:

    • Documentation of design, security, and management, as well as a risk assessment of security mitigation designed into products.
    • Application of risk controls, including access control, user authentication, user authorization, securing remote communication, protection of sensitive data, and product management.
    • Elimination of product vulnerabilities through analysis and testing.

    While it has generated a lot of attention, the standard has not yet been broadly picked up by the industry. This means it is also up to the manufacturer to adopt best practices to ensure the cybersecurity of a connected medical device.

    Best Practices
    As manufacturers look to develop connected medical devices within a rapidly changing industry, there are some actions that should be taken.

    Define all the security requirements for the product. If this hasn’t been done, start to think about what types of threats might exist to the product and vulnerabilities that might reside in the product, thereby creating risks to the product that should be mitigated. Then consider which safeguards (controls) should be implemented. 

    Bake security into product design. Adding security after the fact almost never works and always costs more. Instead, the design should be built to be intrinsically secure.

    Test throughout the development process. If all security testing is loaded at the end of a project and everything works out, you’re likely extremely lucky. However, if it fails and a fundamental design flaw is found, you may have to redesign significant functionality or even start over from scratch. For this reason, whenever possible, test security early and often to ensure you’re not making any fundamental mistakes along the way.

    Creating any connected device can be a daunting task in a world where technology continues to evolve at a rapid pace. Securing any connected device is important; securing a device used for medical purposes is critical. By following the guidance issued by the FDA, standards in place for medical and/or connected devices, and industry best practices, manufacturers can take steps to ensure the safety, performance, and security of their devices.