Securing Connected Medical Devices


MEDICAL DEVICES

These kinds of innovations face new and diverse threats that did not previously exist. As soon as a medical device is connected in some way, whether wirelessly or by wire, over a persistent or a transient connection, one-directional or bi-directional, it becomes much easier to disrupt, and the potential disruption becomes much more severe.

 

The use of connectivity in healthcare devices to collect and disseminate real-time data for faster, more accurate analysis, or tailored treatment has certainly created a significant opportunity for medical professionals to improve diagnoses and treatment, and for healthcare providers to reduce operating costs and enable remote monitoring.

However, these devices also bring significant risks if security is not managed properly. These include risks not only to sensitive patient data, but also to the patients themselves. When developing a device, or assessing the risks associated with using one, medical professionals and health IT departments should consider the following criteria.


CRITERIA THAT SHOULD BE CONSIDERED:

  • To protect patient privacy, tokenization of patient identity should be used in data stores where feasible.

  • End-to-end encrypted data communications should be used to preserve confidentiality for communications that cross the Internet, although where possible patient data should not cross the Internet.

  • Digital signatures should be used to preserve integrity. Highly sensitive data such as firmware should only be accepted from authenticated end-points.

  • Where possible, Denial of Service attacks should be mitigated by only accepting connection attempts from trusted network zones or specific IP addresses; where this is not possible, connection attempts should be rate limited.

  • Where data flows in both directions, the security context should be mutually authenticated and cryptographic mechanisms including encryption and signature verification should be bidirectional.

  • System integrators must check that devices using encryption support compatible cipher suites which are sufficiently strong for the lifetime of the product or device.

  • To minimize the attack surfaces, unneeded platform services should be turned off.

  • Security controls should be enabled, and relaxed only when the risk of doing so is sufficiently low.
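
The Denial of Service criterion in the list above can be expressed as a single admission check. This is an added example, not code from the original page: connection attempts from trusted zones are accepted, and all other sources are either refused outright or rate limited per source. The class name `ConnectionGate`, the burst and refill values, the `10.20.0.0/16` zone and the `203.0.113.x` addresses are all assumptions made for illustration.

```python
import ipaddress
import time

class ConnectionGate:
    """Hypothetical admission check: trusted zones first, then rate limiting."""

    def __init__(self, trusted, allowlist_only, burst=3, refill_per_sec=0.5,
                 max_sources=1024, clock=time.monotonic):
        self.trusted = [ipaddress.ip_network(n) for n in trusted]
        self.allowlist_only = allowlist_only  # True when every peer is known
        self.burst, self.refill = burst, refill_per_sec
        self.max_sources, self.clock = max_sources, clock
        self.buckets = {}  # source -> (tokens left, time of last attempt)

    def is_trusted(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.trusted)

    def admit(self, addr):
        if self.is_trusted(addr):
            return "accept"
        if self.allowlist_only:
            return "reject"  # preferred mode: untrusted sources never connect
        now = self.clock()
        if addr not in self.buckets and len(self.buckets) >= self.max_sources:
            # Bound the table so the limiter itself cannot be exhausted.
            stalest = min(self.buckets, key=lambda a: self.buckets[a][1])
            del self.buckets[stalest]
        tokens, last = self.buckets.get(addr, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.refill)
        allowed = tokens >= 1
        self.buckets[addr] = (tokens - 1 if allowed else tokens, now)
        return "accept" if allowed else "throttle"

def demo():
    # Constructed scenario: fake clock, made-up trusted zone, documentation IPs.
    t = [0.0]
    gate = ConnectionGate(["10.20.0.0/16"], allowlist_only=False,
                          clock=lambda: t[0])
    results = [gate.admit("203.0.113.7") for _ in range(4)]
    t[0] += 2.0  # two seconds later one token has been refilled
    results.append(gate.admit("203.0.113.7"))
    return results

if __name__ == "__main__":
    print(demo())
```

Attempts that are not accepted should be dropped before any TLS handshake or authentication work is done, since those steps are the expensive part of a connection on a constrained device.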


 
