28 May 2022

Medical devices: connectivity challenges data security and privacy

In the past decade, there has been an explosion in the number and types of medical devices available on the market. However, the use of technology brings about more significant concerns for the security of these devices, their data and patients’ privacy.

These devices improve patient outcomes, reduce risks to patients and medical personnel, and make therapies available that were unthinkable 20 years ago.

More and more of these devices are connected to the outside world using the same internet that we use every day. Doctors can now access data from implanted devices over the internet, can collect and easily analyse data from multiple devices, and can even adjust these devices remotely if needed to improve the outcome of a patient.

Security vulnerabilities are in every product, including medical devices. Medical device manufacturers need to recognize this and prepare for any errors to limit potential damage and exposure. Knowing any issues, potential fixes and the severity of risk can give companies the opportunity to act fast and secure their devices.

Every significant Common Vulnerability and Exposure (CVE) is documented in the US National Vulnerability Database. This database can inform other companies of known information about a security issue, as well as any existing solutions for it. While many exploits used by hackers are known and fixable, there is always the possibility of an unknown security threat. Regulatory agencies now require manufacturers to manage product defects as part of the post-market plans. There are many considerations to make during product development to future-proof a device.

Using an operating system (OS) provider, such as Siemens Embedded, can provide benefits to your product development. The OS provider:

  • Focuses on the OS as a product itself and develops, tests, and releases the product.
  • Provides services and support to the team that will accelerate product development.
  • Maintain their products, providing regular updates to customers.
  • Strongly focused on security vulnerabilities, including CVEs.
  • Experience working with other medical device manufacturers

Siemens Embedded Solutions has published a white paper designed to help medical device manufacturers to be better prepared to protect patient data and to achieve regulatory approval.

It covers:

  • Development and maintenance of Off-the-Shelf (OTS) software for devices
  • How to prepare and mitigate vulnerabilities in OTS software
  • FDA requirements for device manufacturers to achieve regulatory approval