MedCity Influencers, Devices & Diagnostics

Cybersecurity in the Connected Medical Future

The healthcare industry of the future will be defined by interoperable systems that need to securely share critical data across devices, distributed applications, and networks. Device manufacturers play a pivotal role in the delivery of these secure and connected solutions.

The future of connected healthcare is being realized with next-generation medical devices and technologies that are increasingly intelligent and can integrate heterogeneous devices, data, and applications. Unfortunately, the need for data sharing across complex subsystems, devices, and networks contributes to increased cybersecurity risk as a matter of design.

According to a recent report from Cynerio and the Ponemon Institute, 56% of organizations experienced one or more cyberattacks from IoMT/IoT devices over 24 months. The report also cites the fact that 89% of organizations are experiencing the equivalent of an attack each week, routinely impacting patient care. Today’s hospital networks consist of thousands of connected medical devices that enable life-saving care – thus presenting a high-risk landscape for cyberattacks. In a recent report from the FBI, 53% of connected medical devices in hospitals have known critical vulnerabilities. Hospitals are pushing device manufacturers for increased visibility into device designs, cybersecurity processes, and management of third-party software components.


Regulatory agencies are also increasingly raising expectations for secure product designs and device connectivity. The recently updated FDA cybersecurity pre-market guidance (April 2022) specifically calls for device manufacturers to demonstrate a cybersecurity architecture across the device ecosystem. Threat assessments should address secure data flow across various operational states, use cases, and users to mitigate intentional and unintentional exploits. Designs should also incorporate risk assessments of all communication paths to ensure secure data flows across internal and external interfaces.

For device manufacturers, insufficient cybersecurity controls pose significant risks in terms of regulatory approval, revenue, reputation, and exposure of intellectual property. Cybersecurity architecture must be considered early in the design stage to ensure effective and robust controls. Security architectures must also be scalable as features evolve and are maintained over many years. Further analysis in the FBI report indicated that many devices were not “initially designed with security in mind – due to a presumption of not being exposed to security threats.” As medical devices are transforming from historically standalone devices to components of distributed and intelligent systems, ensuring secure, reliable, and flexible architectures is a significant design challenge for manufacturers.

A zero-trust approach

How can device manufacturers leverage best practices to design for secure communications and interoperable systems? One approach that is discussed across industries is the “zero-trust” concept. This approach emphasizes the need to secure network traffic, regardless of network location. Data-centric software communication frameworks, such as the Data Distribution Service (DDS) standard, can enable zero-trust principles by enabling device manufacturers to secure the actual data in motion – not messages, or network perimeters. Based on open standards, DDS abstracts messaging between applications, and enables data isolation and fine-grained access control to data in motion. Because the communication framework is “data-aware” by design, known data structures are only shared with authorized applications that need the data. This is a powerful paradigm that enables the “deny-by-default” principle customized to the needs of the applications and use cases. The DDS framework is modular and decentralized, with no central server. DDS was designed for secure, reliable, and real-time data sharing, and is used across industries in distributed and safety-critical systems.

The healthcare industry of the future will be defined by interoperable systems that need to securely share critical data across devices, distributed applications, and networks. Device manufacturers play a pivotal role in the delivery of these secure and connected solutions, and therefore need to leverage standards and state-of-the-art communication frameworks to address secure interoperability in device design.


Darren Porras is the Market Development Manager for Healthcare at Real-Time Innovations (RTI). Darren has over 20 years of experience in the medical device industry and product development. Prior to joining RTI, Darren was a program manager at Medtronic for Surgical Robotics. Darren has also held program management and software development roles at Philips Healthcare and Integra Radionics spanning medical imaging, image-guided surgery, and cybersecurity.

Darren has a Bachelor of Science in Engineering from Duke University and Master of Science in Biomedical Engineering from the University of Alabama-Birmingham.