
    Safe and Secure: Ensuring the Cybersecurity of Connected Medical Devices

    The need to secure a connected medical device is critical to ensure patient safety and protect a patient’s data and personal information.

    Wayne Stewart, Director, EWA Canada, an Intertek Company 01.02.19
    IoT security is still in its infancy. Few devices have been designed with cybersecurity in mind. Even fewer have had any independent cybersecurity testing. As a result, many people are afraid of what cybersecurity risks can exist in a device. Others may not give it a thought until something happens—when it’s too late. The healthcare industry is a growing part of the connected world as devices themselves become connected and interact with other connected products. The need to secure a connected medical device is critical to ensure patient safety and protect a patient’s data and personal information.

    General Mitigation Measures
    For any connected device, securing the ecosystem is critical. A secure ecosystem is built on a base of secure products that have undergone rigorous security evaluation against industry-accepted standards. Secure products alone are not enough. Best practices and industry-specific standards should be used to develop the security-minded processes driving the operation of a secure networking and computing infrastructure. A secure ecosystem should be monitored and maintained via regularly scheduled audits and the use of outside teams for tasks such as penetration testing, software evaluations, and hardware assessments. It is also critical to conduct regular security awareness training and ensure employees are regularly trained on security best practices.

    Independent testing and security certification of connected devices is important to demonstrate a commitment to the management of information security. It illustrates compliance with business, legal, contractual, and regulatory requirements while clearly identifying who is responsible for information assets and delineating information risk responsibilities. This independent opinion confirms controls are working as intended, offering a competitive advantage. It also outlines roadmaps for security improvement, improved operating processes, and identification of key business assets.

    While following the general mitigation methods will assist in assuring the security of the IT ecosystem, there are specific steps and considerations that will help to secure connected medical products.

    Connected Medical Devices
    When it comes to connected medical devices, there are several problems and challenges to consider. Medical device manufacturers are familiar with risk management and addressing hazards, but connected devices introduce a new form of risk: cyber risk. Following a simple model of cybersecurity can be a challenge given the deficiencies in many current assessment models. Security assessment of the cloud back-end, while critical, is not a part of many of today’s IoT security standards, which are designed to assess the security of the device but do not provide end-to-end assurance of cloud-based data and services. Additionally, within the communications infrastructure there is an underlying (and incorrect) assumption that the communications are secure. Simply stated, the typical scope of medical device endpoint security test/evaluation doesn’t address the complex and distributed nature of network-connected products. Security vulnerabilities in communications and back-end servers and services can result in significant cybersecurity concerns and patient hazards.

    To address these issues, connected medical devices must be evaluated to the full scope of testing for enhanced assurance, including:

    • Connectivity: Regulatory and safety compliance testing of cellular (3G, LTE, etc.) and non-cellular (Bluetooth, WiFi, Zigbee, etc.) elements.
    • Interoperability: Assurance of end-point interoperability with major operating and application platforms.
    • Security: End-to-end security of a device and its supporting back-end infrastructure based on applicable standards such as ANSI/UL 2900-2-1.

    A full scope of testing and evaluations allows a manufacturer to reassure the end user. It also provides peace of mind that a product’s interoperability with other devices and platforms is confirmed, helping ensure an ideal user experience while securing information and maintaining performance. Full-scale testing also ensures communication channels are secure, enforcing the confidentiality and integrity of data transferred between the device and IoT infrastructure. Testing the infrastructure, in turn, provides assurance that end-user sensitive data is adequately protected against unauthorized disclosure, theft of service, or other concerns.

    At the end of the day, no two medical devices are the same. It is up to the manufacturer to ensure the end-to-end security of a device, as well as cloud services. Likewise, it is up to the manufacturer to ensure risk is managed, data is protected, and the device itself is not creating a backdoor on an internal network. It is also the responsibility of the manufacturer to ensure new firmware updates can be securely deployed without creating new risks. The best way to do all of this is through regulatory standards, best practices, and independent assessment.

    Regulatory Requirements
    Recently, the U.S. Food and Drug Administration issued draft guidance that includes a recommendation for a “cybersecurity bill of materials” in all premarket submissions. This “bill” should detail the device’s software and hardware components susceptible to cyberattacks. The goal is for manufacturers to incorporate cybersecurity best practices as they design and develop medical devices and to address threats before entering the market.

    The guidance breaks medical devices into two categories: higher security risk (Tier 1) and standard security risk (Tier 2). The two categories are based on the level of potential harm to patients. It encourages the creation of “trustworthy” devices: those that are reasonably secure from intrusion and misuse and that maintain a reasonable level of availability, reliability, and functionality.

    Premarket submission for a Tier 1 device should demonstrate the device has undergone a design and risk assessment that incorporates design controls, including ways to limit access to trusted users, authentication of safety-critical commands, methods to maintain the integrity and confidentiality of data, processes to detect and respond to cybersecurity events, and compliance with all labeling recommendations for devices with cybersecurity risks. Tier 2 devices may simply include an explanation for why the draft guidance’s design controls are not appropriate for the device.

    In addition to this premarket guidance, the FDA has recognized ANSI/UL 2900-2-1 for connected medical devices. Adopted in 2017, it applies to network-connectable products and requires they be evaluated and tested for vulnerabilities, software weaknesses, and malware. The standard does not contain any functional requirements for the product. Instead, it imposes three broad sets of requirements upon the vendor:

    • Documentation of design, security, and management, as well as a risk assessment of security mitigation designed into products.
    • Application of risk controls, including access control, user authentication, user authorization, securing remote communication, protection of sensitive data, and product management.
    • Elimination of product vulnerabilities through analysis and testing.

    While it has generated a lot of attention, the standard has not yet been broadly picked up by the industry. This means it is also up to the manufacturer to adopt best practices to ensure the cybersecurity of a connected medical device.

    Best Practices
    As manufacturers look to develop connected medical devices within a rapidly changing industry, there are some actions that should be taken.

    Define all the security requirements for the product. If this hasn’t been done, start to think about what types of threats might exist to the product and vulnerabilities that might reside in the product, thereby creating risks to the product that should be mitigated. Then consider which safeguards (controls) should be implemented. 

    Bake security into product design. Adding security after the fact almost never works and always costs more. Instead, the design should be built to be intrinsically secure.

    Test throughout the development process. If all security testing is loaded at the end of a project and everything works out, you’re likely extremely lucky. However, if it fails and a fundamental design flaw is found, you may have to redesign significant functionality or even start over from scratch. For this reason, whenever possible, test security early and often to ensure you’re not making any fundamental mistakes along the way.

    Creating any connected device can be a daunting task in a world where technology continues to evolve at a rapid pace. Securing any connected device is important; securing a device used for medical purposes is critical. By following the guidance issued by the FDA, standards in place for medical and/or connected devices, and industry best practices, manufacturers can take steps to ensure the safety, performance, and security of their devices.