Medical device security: Requirements, best practices, and challenges to protecting IoT in healthcare

Review the latest on medical device security, who is responsible, unique hurdles, and best practices for securing these devices.
Kelli Harris
August 13, 2021
man sitting on a couch with a pulse monitor on his finger

The medical device industry is exploding, with the Internet of Medical Things (IoMT) predicted to be worth $543 billion by 2025. In U.S. hospitals alone, there are currently 10–15 million connected medical devices, an average of 10–15 per patient bed. And that’s just hospitals — there’s also profound growth in smart wearable and home-use health devices.

While connected medical devices hold tremendous potential for improving patient care, they also present a growing attack surface for cybersecurity breaches. Security is an ongoing issue in IoT, and the medical field is especially vulnerable. Device designers and medical organizations alike need to be aware of the risks and address them proactively to keep patient data safe and secure. In this post, we’ll take a close look at the explosive growth of IoMT and the challenges and best practices for securing medical devices.

Click the links below to jump to what you need:

The medical field is a prime area for growth of IoT, with many potential use cases and ways to improve care and communications between doctors and their patients. Connected devices are designed for patients, hospital staff, home health caregivers, and more. Let’s look at a few essential benefits of IoMT for patients and healthcare providers:

Reasons IoMT will continue to grow in 2021 and beyond

Real-time patient monitoring

With connected sensors such as insulin pumps and heart monitors, patients and their healthcare providers can oversee their readings in real-time, invaluable for preventing emergencies, managing chronic diseases, and diagnosing new conditions.

Managing medication dosage

Connected medical devices such as an insulin pump can help patients manage their medication dosage, sometimes without any interaction needed. The device monitors the patient’s blood sugar levels and decides how much insulin to give in response. Depending on the use case, devices can also remind patients to take their medication at preset times.

Automatic reminders and alerts

Connected health devices send out alerts to patients and doctors if they detect a problem or anomaly. For example, a heart monitor might sound an alarm if a patient’s heart rate drops too low, climbs too high, or becomes irregular. These alerts can notify both the patient and their healthcare provider, enabling immediate care and attention that can save lives.

Healthcare data management

Connected medical devices also assist healthcare providers in managing data. IoT asset tracking systems can help hospitals monitor the location of equipment and people. Data portals and management systems allow providers to aggregate patient information for easier access, helping to reduce human error. And applications of healthcare analytics can provide predictive recommendations for patient care, hospital management, and more.‍

What is medical device cybersecurity?

Medical device cybersecurity provides protection from hackers and malware, which can disrupt the device’s function or steal private information. Healthcare devices demand exceptional security because breaches can cause physical harm or loss of life.

Like any other IoT device, medical devices require multiple layers of protection to ensure the most secure connectivity. These could include firewalls, password management, data encryption, data backup, and compliance with government regulations around patient data privacy. Device users and managers must also adhere to IoT security best practices and stay alert to emerging threats.

Ensuring this level of security is tricky because often, IoMT devices are not designed with security in mind. In their zeal to create useful medical devices and save lives, IoMT designers — like IoT designers in other fields — often neglect to build security deeply into their systems. New devices may be shoehorned into existing (often outdated) hospital system networks, adding more vulnerabilities to the picture.

Widespread adoption of new devices and solutions also tends to be slow in the healthcare sector. Because of high costs to patients and the slow rate of technological advancement in healthcare, many devices in use today are a decade old or more. These older devices have no protection against current malware and were not designed to provide it.

Piecing together a patchwork of old and new devices and systems means healthcare is often rife with cybersecurity vulnerabilities — and industry leaders know it. According to a recent survey, 88 percent of medtech leaders said they didn’t think their company was prepared to prevent a cyberattack.

Recommended reading: Medical device hacking

‍The professionals responsible for the security of medical devices

‍According to an FDA report on cybersecurity, “Medical device manufacturers (MDMs) are responsible for remaining vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity.” The FDA also states that healthcare delivery organizations (HDOs) are responsible for evaluating the security of their networks and protecting hospital systems. While their responsibilities differ, both MDMs and HDOs in the U.S. bear some responsibility for addressing patient safety risks, ensuring that devices perform properly, and proactively guarding against external attacks.

Depending on the nation or region, different government entities or professional organizations may be tasked with overseeing medical device security. The FDA, the European Commission, and Health Canada have jointly grouped the security risks of various medical devices into three categories. Each class follows different guidelines to receive approval:

Class I (Non-invasive devices)

These rate as low to moderate risk as they are typically used externally. Examples include manual stethoscopes, bedpans, and elastic bandages.

Class II (Invasive devices)

Invasive devices carry moderate to high risk, and include such items as injection needles, infusion pumps, and air purifiers.

Class III (Active devices)

Designated as devices that sustain or support life and/or are implanted inside a patient, active devices carry the highest risk of illness or injury. Examples of devices in this category include implantable pacemakers, automated external defibrillators, and pulse generators.

While not all devices in these categories will need to be connected to the internet, those that do will carry an increased risk because of that ability.

‍Unique challenges and risks associated with medical device security

As MDMs and HDOs consider how to ensure medical device and network security, they face several unique challenges. Let’s take a closer look at them:

1. Limited device storage space

Small medical devices often have extremely limited data storage, making it difficult or impossible to install sufficient security software at the device level. While this is not always the case in larger devices found in hospitals, it’s a common challenge in surgically implanted devices and/or medication dosage devices that are carried with patients.

2. Multiple parties involved

From manufacturers to IoT SIM card providers, software vendors, healthcare providers, and patients who take devices home, there are many parties involved in creating and managing IoMT devices. Everyone in the chain needs to be aware of cybersecurity risks and implement best practices to minimize them.

3. Long lifespans

Technology evolves quickly, but medical devices often need to serve their purposes for years. (For example, an implanted pacemaker can’t be removed and replaced every year without added risk to the patient.) Older devices may not be able to receive software updates and patches that ensure the best security protection, leaving them more vulnerable to attack.

4. Large attack surface

With many devices interacting with each other and with a larger hospital network, the attack surface for IoMT is quite large. A device, such as an insulin pump, might be used by a single patient — but it also interfaces with the network, and if infected with malware, could spread the security threat to the hospital network and to other patients’ devices who use that network to transmit data.

5. Visibility challenges

Most IoMT devices are not running standard operating systems. That means protective software often has a difficult time recognizing them — and if they cannot “see” every device, network managers are not able to sufficiently screen for system intrusions.

6. Lack of system segmentation

Most hospitals do not implement network segmentation — a security measure, similar to sandboxing, that divides a network into multiple zones and is able to isolate security threats in the zone where they originate. For example, if a pacemaker or a heart monitor transmits data to a physician via a larger hospital network, that data could be corrupted and without network segmentation, there is no isolation between that pacemaker and the rest of the hospital network. It goes the other way, too — if the network is infected, the pacemaker will become infected.

7. Security as an afterthought

In many IoMT devices, security features are added on rather than built in. Without security by design, healthcare devices face much greater potential for human error and unforeseen vulnerabilities.

Medical device security requirements

Government bodies such as the FDA and the European Union have developed some guidelines to help ensure that a level of security is always offered to patients and healthcare providers. But while organizations such as the FDA provide guidance, they do not test or certify medical devices before they come on the market. In the U.S., federal regulations include quality system regulations (QSRs), which require medical device manufacturers to address risks, including cybersecurity risk.

Going beyond government guidance, here are a few essential security areas to cover in IoMT:

Security by design

Customize security to each device, recognizing the distinctive traits of every device and use case. Security processes should consider the tools available at the device level to secure it, and assess the risk and sensitivity level of the data it produces.

Firmware protection

Built into physical devices, firmware needs to be updated frequently to repair security flaws and improve performance. Many providers issue regular, automatic firmware updates to keep their software — and devices — secure. In many cases, firmware updates can be loaded remotely or “over the air,” without need for human oversight.

Best practices to secure IoMT devices

‍Now, let’s look at some industry best practices for securing IoMT devices:

1. Keep devices isolated

While it can sometimes slow down processing, keeping sensitive medical devices off shared networks (network segmentation) can prevent malware from spreading through systems.

2. Monitor behavior-based analytics

Keeping an ongoing monitoring system in place to see what is normal for a patient also allows doctors to notice when something changes — whether it’s due to human action or a security breach. For example, if a patient’s device reports it administered 50 units of insulin when the normal dosage is 5, doctors and network overseers realize there might be a system malfunction. Anomalies such as this can be set to trigger an alert, notifying the patient, doctors, and network managers immediately.

3. Update patches automatically and manually

Device firmware and patch status should be checked both remotely and during routine maintenance to be certain they’re up-to-date. Keeping firmware current is essential to maintaining high levels of device security.

4. Tighten system access

Online threats have to come from somewhere. In some cases, healthcare workers unintentionally fail to login correctly or leave computers unattended, but in other cases, open access can grant access to people who may have nefarious intent. To minimize the chance for security breaches in a hospital or healthcare facility environment, practice the principle of least privilege. For example, not everyone in a hospital needs to have access to radiology data. Role-based control, a tool within some IoT platforms that allows you to restrict network and account access depending on the person’s role, is another helpful security precaution.

5. Medical device data encryption

Encrypting data is essential to cybersecurity, but in IoT, it’s not always end-to-end. That’s because IoT data often passes through different systems and software as it traverses the path from edge to cloud — making it harder to ensure constant encryption. Some companies are working toward open-source solutions that are compatible across platforms, but they’re still in development. With this awareness, work toward a solution that guarantees encryption for IoMT data, both in transit and at rest.

6. Antivirus software

Antivirus and threat management software can be an important component of cybersecurity, particularly in larger hospital networks.

Hologram makes IoT security a priority

At Hologram, transparency embodies everything we do, including protecting our customers’ data and devices. Hologram Inflight detects inconsistent data usage to monitor for device tampering, and our platform allows you to easily pause and deactivate devices with a suspected security breach. We understand IoMT security and are always available to advise you on best practices.

Get started with Hologram today

  • Talk to an IoT expert
  • Receive a free SIM
  • Customize your plan