How secure is your medical device?

Technology advances and the rising awareness of fitness are driving the smart medical devices industry

In 2007, when cautious doctors replaced a former US Vice President’s heart defibrillator, a battery-powered device placed under the skin to monitor heart rate, they modified it so it couldn't be hacked by terrorists, by having the manufacturer disable the wireless feature.

Smart wireless pill bottle
Smart wireless pill bottle helps people take their medicine regularly, by sending reminders for missed doses

A booming industry

The development of connected portable medical devices, wearables and apps, and implants is booming, thanks to the advent of the Internet of Things (IoT), connected technology and advances in artificial intelligence (AI).

The global smart medical devices market is expected to reach USD 24,46 billion by 2025, according to a report by Grand View Research. Manufacturers must ensure these devices remain secure from cyber threats for user safety, while maintaining the privacy of all the personal data they gather, store and share with other healthcare services and providers.

The role of standards

Since 1968, IEC has been developing international standards for safety and performance of electrical equipment used in medical practice. The IEC 60601 series covers a wide spectrum of devices, systems and domains. The standards are developed by experts from the medical professions, industry, healthcare establishments, the information technology and software worlds and regulatory bodies.

Michael Appel, certified anaesthesiologist and Chief Patient Safety Officer for Northeast Georgia Health System, leads IEC work in this area and discusses the evolving challenges of the medical industry, which must follow a growing number of regulations for safety and security aspects of medical equipment and systems.

“Cyber threats and personal data privacy are the most essential questions that need to be answered. In the US, very strong privacy laws, and laws like the GDPR in the EU, could hinder the collection of such large amounts of data. This will have to be overcome, and the other big question which needs answering is: who owns the data gathered by these devices?”

From transport and accommodation, to storage and distribution of goods, technology companies are changing the way diverse industries operate, thanks to innovative software platforms, which offer new ways of doing business.

“If we’re not more nimble, new players will enter the industry, disrupt it, and do what is demanded by the market. Already there is talk of a shake up in the entire medical device and healthcare delivery world by entities not classically considered “healthcare companies”. These big tech companies will figure out a way to use the data within what is traditionally considered the realm of healthcare, so unless we acknowledge that there is a revolution unfolding before our very eyes and adapt to it, it will happen anyway”.

Evolving global demographics

World demographics are changing. By 2050, people aged 60 are expected to number nearly 2,1 billion worldwide, and those aged 60 or over to outnumber children under 10 by 2030, according to a report by the United Nations.

Aging populations, decreasing fertility rates, increased life expectancy and a growing prevalence of chronic diseases, represent major challenges for governments, who must implement policies to address the needs of older people, including housing, employment, social protection and healthcare.

Medtech is a vital part of the healthcare solution

Medical devices play an increasingly important role in alleviating overstressed healthcare services, by reducing the amount of doctor visits and saving costs. For example, patients can monitor their vitals in real time and send this information to their healthcare providers, who decide if treatment is necessary.

They also improve quality of life, from hearing aids, apps for the visually impaired and pace makers, to orthopaedic implants and continuous glucose monitoring devices, which check glucose readings in real-time and enhance the treatment of certain forms of diabetes.

Other rapidly evolving AI technologies such as algorithms help doctors improve diagnostics and treatments and could be used in intensive care units, to run fully autonomous systems which monitor critical patients, thereby replacing teams of specialists.

Ensuring data privacy, security and safety in a connected world

When it comes to data, it doesn’t get more personal than medical. In our connected world, if the security of smart medical devices is compromised, it could be fatal for users.

Against this backdrop, IEC 80001 series of publications developed developed for the application of risk management for IT networks incorporating medical devices, also offers guidance for the disclosure and communication of medical device security needs, risks and controls.
The standards can be used by medical device manufacturers and also support healthcare delivery organizations with the risk management of IT-networks with one or more wireless links.

Georg Heidenreich, coordinates Technical Regulations and Standardization at Siemens Healthcare and leads the IEC/ISO group working specifically on safety, security and effectiveness of health software, emphasizing the specific roles and obligations related to regulated medical devices, health software and the systems that incorporate health software and medical devices among the involved stakeholders.

“Publications produced will embrace new solutions, but be independent of specific technologies. Some areas being covered are new ‘fog’ and ‘cloud’ architectures and applications in the field of digital health, artificial intelligence and data analytics. We also expect to carry out another strategic analysis of the requirements of new technologies – notably AI and analytics by the end of the first quarter in 2019”.

Creating trust through testing and certification

People will be reluctant to use medical technology unless they know it is safe and their personal medical data and records remain private. One way to address this is through testing and certification.

IECEE, the IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components, ensures that electrical and electronic devices and equipment meet expectations in terms of performance, safety, reliability and other criteria by testing and certifying these against international standards developed by IEC.

The System also covers risks to patients, those who operate the equipment – doctors, nurses and technicians, for instance – and maintenance personnel.

As the number of smart medical devices continues to grow, both the IEC Conformity Assessment Board (CAB) and IECEE have broadened their scope to include activities related to cybersecurity for the medical industry, to ensure user safety from potential cyber threats and data privacy.