COVID-19 Challenge: How to Secure Connected Medical Devices?

This post is also available in: עברית (Hebrew)

The healthcare industry increasingly relies on IoT networks to securely connect a growing variety of medical devices and equipment. Internet of Medical Things (IoMT) applications range from a hospital’s consignment inventory management to remotely controlling insulin pumps, heart-rate monitors, and other implantable devices using smartphones.

The growing use of remote medicine In the COVID-19 era leverages connectivity advantages. However, device security is often neglected. The industry moves to a command-and-control model using commercial smartphones whose built-in security mechanisms are generally not adequate for safety-critical applications. 

These and a wide variety of other IoMT challenges can be solved through a three-tiered “security-by-design” strategy that protects all communication between system elements, brings trust to each system element, and ensures “always-on” connectivity between smartphone apps, the IoMT devices, and the cloud.

Cyberattacks or IoMT integrity issues for connected implantable medical devices have unfortunately become more and more prevalent. One of the first examples occurred in May 2019 when a Type 1 diabetes patient re-programmed his insulin pump to customize his treatment and landed in the hospital. He had exploited a security flaw in his commercially available, FDA-authorized device. This same type of safety flaw also provides an open door to hackers, enabling them to access a device whether to cause harm or steal sensitive health information.  

Hospital asset tracking is another popular application for IoMT solutions. Vendors increasingly sell products, equipment, and associated consumables to hospitals on consignment, issuing invoices only when items are used.  While in the past, all information was manually entered, adopting an IoMT solution for these processes reduces errors while improving efficiency, but security is critical for ensuring the integrity of the supply chain and all financial transactions.

The authenticity of this hospital inventory should also be guarded. A high-profile example is personal protective equipment (PPE), whose supply has been plagued by counterfeiting during the global pandemic. Healthcare providers must defend themselves against this risk while also ensuring the proper use of all legitimate medical equipment and consumables.

In fact, every piece of connected equipment inside the hospital is also a cybersecurity threat surface. Cybercriminals can use legacy equipment like MRIs and other wired Ethernet medical systems ranging from anesthesia machines to ventilators as a means into the hospital’s core communications network. Many of these systems were produced long before cybersecurity was a critical consideration. Connecting them to the hospital network can open the door to a variety of cybersecurity attacks.

The danger grows with the adoption of commercial smartphones for controlling connected-health solutions. The devices’ Bluetooth wireless connection does not provide adequate security. 

What can be done? According to iotforall.com, each of these applications requires multiple layers of protection, especially those that use smartphones for command and control in life-critical situations. While it is true that Bluetooth, NFC, LTE, Ethernet, and other protocols mitigate some breaches, they do not defend against all threats. Therefore, it is necessary to start at the application layer, protecting the communications channel between the smartphone app, the medical device, consumable (if applicable), and the cloud from various malware and wireless channel cybersecurity attacks.

The second layer of security, for authentication, is essential for smartphone-based control of implantable devices. It helps protect both the application and the platform upon which the app is running, mitigating the risk of attack through connectivity to the solution’s cloud services, smartphone apps, and other IoT devices. 

The last layer addresses the challenge of ensuring seamless connectivity. Whether it’s an asset tracking and consignment inventory management or wearable injection device, it is critical to have “always-on” connectivity between the Thing and the Cloud to exchange data, change operating profiles, and update firmware over-the-air, or administering alerts.