Recent advancements around the Internet of Medical Things (IoMT), medical devices, smart sensors, device manufacturing, and big data technologies have enabled the design and manufacturing of devices for a wide array of disease-specific applications in health care.
These devices can be used to remotely monitor, diagnose, and eventually predict various diseases and aid in the rehabilitation of patients. They can often offer an unobtrusive and affordable alternative to costly and time-consuming healthcare efforts, such as hospitalisation and late diagnosis.
There is no doubt that the future of healthcare is digital, and that IoMT devices are a game changer, driving down costs and helping improve patient care. But their widespread use will make them a huge target for cybercriminals, exposing vulnerabilities and posing various security challenges.
Due to the complex component architectures, manufacturers of these devices face a number of challenges when developing their devices, and speed-to-market is typically the overarching business imperative when maturing these modern devices.
As well as ensuring devices have connectivity capabilities, manufacturers have to consider minimum sensor configuration, data security (including data loss), security breaches, battery life, appropriate user interfaces, user acceptance, accurate diagnoses, and much more.
As IoMT devices are capable of managing and monitoring masses of personal health data, it is just as important to protect that data. However, lack of computational power means many of these devices lack the necessary encryption needed to do so. Physiological data and sensitive user information are usually transmitted wirelessly, making that data prone to invasion and alteration, posing major challenges to secure the transfer and storage for both consumers and manufacturers.
Currently, the computational power of IoMT devices limits the ability of manufacturers to embed complicated security mechanisms on the device, meaning that authentication (PIN, password, or biometric security) is overlooked, leaving them susceptible to unauthorised access.
Furthermore, these devices tend to connect to smartphones or tablets wirelessly via BluetoothⓇ, ZigBee, NFC, or Wi-Fi. The need for regular communication and data synchronisation creates another entry point into the device, making it further prone to information leakage.
Finally, many IoMT devices run their own operating system and need to be patched and updated to avoid falling prey to the latest security vulnerabilities. This ability and frequency needs to be factored into manufacturers’ roadmaps when developing these devices.
To effectively solve these problems, manufacturers must engineer devices with data security baked into their fabric. This can be accomplished by developing devices that include custom security settings, Bluetooth encryption and remote erase features, and by encrypting data elements such as passwords, user IDs, user information, and PINs.
DMI has been working with medical device manufacturers to scope, define, and apply best practice data security frameworks before devices are released to the market. Some of the recommendations contained within the framework include a methodical risk management and design process that can appropriately capture and communicate design, implementation, and risk management decisions and rationale, as well as ensuring data authenticity and integrity.
We apply this framework across our IoMT connected health projects and ensure devices implement each of the recommendations listed:
As an ISO27001 accredited organisation operating in the healthcare space, we understand the growing complexity and security risks of the IoMT and connected medical devices.
Whether you need help:
Our subject matter experts can help you overcome barriers to successfully digitize your IoMT products and services. We have significant experiences with a variety of communication protocols including BluetoothⓇ, WiFi, and Zigbee and have the resources and expertise needed to help organisations achieve true interoperability.