Medical Design Briefs - January 2022 - 13

" The cost of data
breaches in fines and
damages is directly
related to the extent
of measures taken to
protect data. It is
essential that
organizations take
every possible
precaution to safeguard
protected data. "
convenience these devices deliver with features
like cloud-connectivity, wireless/
Bluetooth connectivity, and automatic
OTA software updates.
While IoT and Software as a Medical
Device (SaMD) devices that patients or
practitioners can interact with in a home
or institutional setting can conveniently
meet patients' needs, they can be irresistible
to a cybercriminal. Not only does
this huge volume of devices contain valuable
data, each individual unit also provides
a potential route into an organization's
network.
In recent years, myriad devices have
been compromised, including baby heart
monitors, cardiac devices, and webcams.
Security vulnerabilities have impacted
hundreds of thousands of devices - a
problem that has only grown in light of
the pandemic, which has caused large
numbers of devices, as well as workers, to
migrate to people's homes where networks
are even more vulnerable.
Since edge devices typically have less
security, are on riskier parts of a network,
and have users who are less knowledgeable
about good password security (and
security measures in general), the manufacturer's
efforts to maintain device security
should start here.
After a connection is established between the device and the cloud, data can be routed from an IoT
broker to various services like a database, long-term storage for audits, and functions to route data
to external systems. Security must be maintained every step of the way. (Credit: iStock)
threats is by taking an end-to-end view
and locking down everything, including
PHI (Protected Health Information) and
PII (Personally Identifiable Informa -
tion). How? By securing the entire network
and keeping data safe as it traverses
from the " edge, " where people are interacting
with real devices, all the way to the
cloud, where data is increasingly being
sent for further processing and analysis.
Medical Design Briefs, January 2022
Cov
Cybersecurity at the Edge
Medical devices are becoming more
connected every day and are definitely
here to stay - analysts forecast growth
rates of 29 percent in the IoMT (Internet
of Medical Things) market.5,6 Devices that
remotely monitor patients, sense glucose
levels, measure heart rates, even check
hand hygiene - the medical IoT has it all.
And users have grown accustomed to the
www.medicaldesignbriefs.com
ToC
Securing a Medical Device
Most consumers would expect credit
card terminals to incorporate the most
advanced cybersecurity measures since
they process high volumes of sensitive
financial data. To that end, credit card
terminals have a hardware root-of-trust,
ensuring that all critical assets are protected
in a way that attackers cannot see
anything by snooping memory while the
device is in operation. Additionally, all
software updates for these devices must
be encrypted and signed. Makes sense.
But when it comes to our health data
and the individual medical devices that
we rely on to keep us healthy, security is
often lacking. Fortunately, that is changing,
and the latest medical devices are
adopting these important security features.
And new devices without adequate
cybersecurity will face an uphill (if not
impossible) battle to win FDA approval.
Cybersecurity features that in the past
were considered too weighty for a medical
device are no longer a nice-to-have,
they are required. Encrypted updates
are but one example. It is very difficult
to predict the kind of vulnerabilities that
13

http://www.medicaldesignbriefs.com http://info.hotims.com/82317-803

Medical Design Briefs - January 2022

Table of Contents for the Digital Edition of Medical Design Briefs - January 2022