Medical device security and the regulations that govern it may be somewhat lax today, but that’s all set to change if the Food and Drug Administration has anything to do with it.
According to an audit report released by the Department of Health and Human Services’ Office of Inspector General, while the FDA is already making an effort to scrutinize the cybersecurity vulnerabilities of new medical devices, HHS believes the FDA “should further integrate its review of cybersecurity into the premarket review process.”
The FDA, often scrutinized for its slow, bureaucratic processes, has wasted no time in heeding the call.
Having first reported on the HHS OIG audit in September, the Minnesota Star Tribune noted that the FDA has not only already begun working on some of the HHS recommendations, but is trying to take them a step further. From the Star Tribune:
FDA officials welcomed the input, noting that they were already following most of it and going beyond it in other aspects.
The guidance involves having the FDA make changes to its internal processes to make sure it asks questions about medical device cybersecurity earlier in the device-approval process, and to ensure such questions are asked uniformly when new device submissions are made …
New rules under consideration at FDA could require device makers to create and distribute a “software bill of materials” that would identify all of the software that comes standard on a device. The agency is also considering forming a public-private CyberMed Safety Analysis Board that would assess high-impact cyber problems, serve (sic) as a “go team” to investigate potential and actual device compromises at the FDA’s request.
For manufacturers, it’s always seemed like only a matter of time before medical device regulations bore down on the industry. But the recent report of the FDA’s efforts to establish and begin enforcing internal medical device security guidelines means it might not take an act of Congress to give manufacturers the incentive they need to start building more secure products.
Why Medical Device Security Matters
As the FDA prepares security standards for the medical-device-approval process, we should remember why medical device security is so important in the first place.
While hospitals abound with connected devices these days, the ones the FDA is most concerned about are embedded—or rather, they're implanted in the patients who use them.
Embedded devices, such as pacemakers and insulin pumps, are life-saving innovations that have dramatically improved the quality of life of the patients who use them, and have made once crippling conditions and diseases bearable.
However, as with any successful product, innovation doesn’t stop after initial market release. Pacemakers and insulin pumps, once manual devices, have gone through evolutions during their life cycles and today are smarter and more connected than ever before.
While these new functionalities make for better medical devices, at least in theory, they also open up a slew of attack vectors that never before existed. For the first time, bad actors have the ability to remotely hack into a device implanted in your body, take control, and begin manipulating it.
One does not need a degree in medicine to read the writing on the wall.
The Consequences of a Compromised Medical Device
The most dire consequence of a compromised medical device is death.
A pacemaker, for example, is designed to send electric shocks to the heart to keep it beating regularly. Most pacemakers also include a defibrillator that is activated during emergencies when the heartbeat becomes irregular and dangerous. This is where modern pacemaker risks come from.
As has been depicted on television, and proven by researchers, a bad actor could gain access to a connected pacemaker and kill the patient either 1) by activating the defibrillator when the heart is beating regularly or 2) by withholding the electrical shocks that keep the heart beating regularly in the first place. Either results in almost certain death.
Today’s insulin pumps come with similar risks. As any diabetic will attest, the amount of insulin being delivered must be precise both in its dose and timing. A bad actor, therefore, could manipulate an implanted insulin pump to overdose the patient or withhold the life-saving medication from them entirely.
But the consequences of a compromised medical device don’t just put patients’ lives at risk. These embedded devices also happen to send a tremendous amount of valuable data to doctors, hospitals, and research facilities. A bad actor could exfiltrate this data—either for the purposes of espionage or sabotage. In either event, the financial hit associated with the loss of valuable data, as well as the legal repercussions thereof, is enough to make any medical device manufacturer shudder.
Medical Device Security and Safety Is Possible
Medical device security is a high-stakes game, especially when you think about the safety of the patients involved.
While the FDA’s new guidelines are overdue and should be welcomed, they’re sure to frustrate device makers because of their focus on software.
Software is the primary way device makers attempt to secure their products, but as we’ve discussed on this blog before, software alone cannot fix our cybersecurity problem. That’s because all software is inherently flawed since writing bug-free code is impossible.
To paint a picture for you, fixing inherently flawed software with more software that’s inherently flawed is much like trying to bail out a sinking ship with a sieve. You might make some progress, but it’s only a matter of time until you drown.
The answer, then, to providing medical device security and safety must be in hardware.
Sentry processors, such as Dover’s CoreGuard™ silicon IP, can help immunize medical devices from cyberattacks by acting as a bodyguard for the host processor. By implementing such a security solution, medical device makers can accomplish two important things:
- Stop remote cyberattacks: CoreGuard lives directly on the SoC and monitors every instruction the host processor is asked to execute. When an instruction asks the processor to act in a way it wasn’t designed to, CoreGuard flags that instruction and does not allow the processor to run it. Since CoreGuard isn’t a software solution, it can’t be subverted remotely over the network.
- Ensure safe medical device operation: When a pacemaker’s or insulin pump’s host processor is sent malicious code, we want the processor to reject the offending instructions, but the last thing we would want is for the device to shut down as a result. CoreGuard helps the host processor continue to do what it is meant to do—such as trickle-charge a heart or dispense insulin—after an attempted attack has occurred.
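To make the two points above concrete, here is a deliberately simplified model of a monitor that vets each instruction against a policy before the host executes it, drops the ones that violate it, and lets the device carry on with its normal work. This is an added example, not Dover’s code or CoreGuard’s actual design; the policy rules, the region tags, the dose limit and the sample program are all constructed assumptions.

```python
# Simplified model (not CoreGuard's design): a policy monitor that checks
# every instruction before execution, blocks violations, and keeps the
# device running instead of halting it.

MAX_DOSE = 10                              # hypothetical safe per-dose ceiling
ENTRY_POINTS = {"deliver", "telemetry"}    # the only legitimate jump targets

def check(instr, region):
    """Return None if `instr` is allowed, otherwise the reason it is blocked.
    `region` tags the code area the instruction came from (assumed labels)."""
    op, *args = instr
    if op == "store" and args[0] == "dose":
        if region != "dosing":                      # only dosing code may set a dose
            return f"store to dose from region '{region}'"
        if not 0 <= args[1] <= MAX_DOSE:            # and only within the safe range
            return f"dose {args[1]} exceeds safe limit {MAX_DOSE}"
    if op == "jump" and args[0] not in ENTRY_POINTS:  # no jumps into untagged code
        return f"jump to untagged target '{args[0]}'"
    return None

def run(program):
    """Execute a list of (region, instr). Blocked instructions are skipped
    rather than halting the device; returns (final memory, blocked list)."""
    mem = {"dose": 0, "delivered": 0}
    blocked = []
    for region, instr in program:
        reason = check(instr, region)
        if reason is not None:
            blocked.append((instr, reason))
            continue                                # skip it, keep running
        op, *args = instr
        if op == "store":
            mem[args[0]] = args[1]
        elif op == "deliver":
            mem["delivered"] += mem["dose"]
        # "jump" and "telemetry" have no state effect in this toy model
    return mem, blocked

# Constructed sample program: two normal dosing cycles, with two instructions
# injected between them that originate in the network-facing parser region.
PROGRAM = [
    ("dosing", ("store", "dose", 4)),
    ("dosing", ("deliver",)),
    ("netparser", ("store", "dose", 500)),   # out-of-range dose from the wrong region
    ("netparser", ("jump", "unknown_addr")),  # jump to an untagged target
    ("dosing", ("deliver",)),                # the legitimate cycle continues
]

if __name__ == "__main__":
    mem, blocked = run(PROGRAM)
    print(mem)                               # {'dose': 4, 'delivered': 8}
    for instr, why in blocked:
        print("blocked", instr, "->", why)
```

The second `deliver` still runs with the legitimate dose of 4, so the device keeps working after both injected instructions are rejected.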
As the FDA bears down on the medical device industry, it will be security solutions like these that will keep regulators at bay and manufacturers competitive in the market.