Smart Medical Devices are Here to Stay Securing them is Critical
The healthcare industry is very focused on treating chronic diseases, providing effective aging-in-place support for an increasingly elderly population, and ensuring a smooth transition between inpatient hospital care and outpatient home care. The coronavirus and its impact on remote care have underscored and accelerated the importance of and demand for continuous patient monitoring provided by intelligent sensor solutions connected remotely to a cloud-based infrastructure. This has triggered the need to build secure, low-power wireless end-products that keep end-user data privacy at the core of their security architecture.
That was the topic of discussion I had the pleasure of participating in during a recent Parks Associates Connected Health Summit panel discussion regarding smart medical devices. I encourage you to watch the discussion, which spanned a range of challenges and opportunities facing smart medical devices, perhaps most importantly the necessity to ensure healthcare data is kept private and secure.
Smart Medical Devices Introduction
The rise of connected medical devices has caught the attention of hackers, who are launching more attacks on operational and infrastructure targets, typically using ransomware schemes to enrich organized crime groups. As highlighted at the RSA conference in early 2020, the level of sophistication of these ransomware attacks is growing exponentially, and - if left unprotected - vulnerable wireless devices are an effective means to compromise systems remotely using a wide variety of attacks. In order to combat the threat of cybercrime, it's clear that the individual components being used in medical devices must have an enhanced level of security robustness that delivers security from chip to cloud.
Security on Smart Medical Devices
Bluetooth® Low Energy (BLE) has become the most popular wireless connectivity solution for patient monitoring products and the Bluetooth SIG began introducing protocol level security features in 2015 with the ratification of BLE 4.2.
In addition to the BLE 4.2 security protocol, more stringent system-related security augmentations must be deployed to most effectively secure data and privacy. This is especially true for BLE, as the way to communicate the end-user / patient information to the cloud is often performed using a smart-phone and software application that jointly offers vulnerabilities for hackers attempting to gain control of medical sensors.
Additional security starts with the need to identify the end-product application and the silicon ICs used the first time these ICs initiate a connection to the cloud infrastructure. It is also critical to understand that embedded systems assume that the proper software is executed. To achieve this, a Root of Trust (RoT) must be in place so that true software authentication is performed before any code execution. This ensures that malicious software can be detected and reported and that additional measures can be deployed as needed, such as immediately cutting off the potentially infected medical product from the network.
How to Maintain Smart Medical Devices Secure?
The lifecycle of many medical devices is long, often available for purchase for several years after they are first produced. All the while, hacking techniques continue to evolve. New tools can help expose weaknesses, new hacks can occur, and new flaws can be discovered. It is therefore critical that connected medical devices are equipped to be remotely updated through secure over-the-air (OTA) updates.
Security Solutions for Medical Devices
Silicon Labs made a major announcement in 2020 with its Secure Vault Technology on EFR32 Series-2. Secure Vault offers an impressive list of technical hardware and software features that can be used to develop extremely robust, secure IoT wireless solutions. These features include Secure Loader with Root of Trust, Secure Debug with lock and unlock capabilities, Secure Key generation and storage, and Advanced Hardware Cryptography with DPA countermeasures. Secure Vault has achieved tremendous recognition on the market and earned a gold medal in the 2020's LEAP (Leadership in Engineering Achievement Program) Awards Connectivity category.
PSA Certified - a respected security certification body for Internet of Things (IoT) hardware software and devices created by Arm Holdings - officially certified Level 3 status to Silicon Labs' EFR32MG21 wireless SoCs with Secure Vault. Silicon Labs is the world's first silicon innovator to achieve PSA Certified's highest level of IoT hardware and software security protection.
Secure Vault can help ensure that BLE-connected patient monitoring devices such as Continuous Glucose Meters and Pulse Oximeters remain secure, safeguarding private and confidential healthcare data.