Cyber security has not traditionally been an issue much associated with medical devices. However, it has been on the FDA’s radar since at least 2013 when it was cited to state that they were “… aware of hundreds of medical devices that have been infected by malware”. Recent news that one very large U.S. healthcare organisation had more than 68,000 medical systems exposed to hacking, underlines that this is a growing issue. As more and more safety critical devices incorporate data connectivity (even wireless connections in use outside of controlled, clinical environments) cyber security is about to become a front line challenge for many medical device manufacturers and one that needs to be planned for in the earliest stages of design.
Why is cyber security so important?
The answer is simple. If cyber-attackers take control of a safety critical medical device they might be able to:
- Access personal information
- Change the device’s settings
- Attempt to cause harm to the user / patient
- Commercially harm healthcare providers and device manufacturers
It is apparent that the result of having a safety critical medical device (such as a pacemaker) hacked can be catastrophic. Therefore, it is important that all necessary steps are taken to ensure that the likelihood of hacking is contained. To do so, cyber security of safety critical devices must be considered as early as possible in the development process. This should include a) identification of all potential threats, b) assessment of their likelihood to occur and c) evaluation of their impact. Understanding of the risks helps the developer to find ways to prioritise them in terms of importance and to identify ways to mitigate them.
What are the tools available to protect medical devices against cyber-attacks?
There are three widely used tools:
- Encryption – entails the conversion of any critical/important data transmitted or stored into a form that cannot be accessed/read by unauthorised individuals
- Authentication – entails the identification of a user who is trying to access / use the device
- Authorisation – is the evaluation of what type of access privileges should an authenticated user have
Security is important, however any implementation of security measures should be in line with the use-scenario the device is intended for. For example, the requirement to authenticate a user adds complexity, which in an emergency setting, may not be ideal. Encryption is not problem-free either as it may require additional energy resources – in the case of implantable devices, for example, this may have impact on the longevity of the device’s battery.
Only vigorous assessment of the security risk can help identify what is the best way of protecting a device without impeding its intended use.