fbpx
1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

Cyber Security in Medical Device Design

Published by Mike Solinap
on June 2, 2014

With the push by big technology players (Cisco, Google, Intel, etc.) towards connectivity in everyday devices, cyber security is becoming more and more crucial. This push is even seen in medical device design as the industry begins to move toward cloud-integrated and network-connected devices so that they may be monitored or customized to surgeons needs on the fly.

The issue is that medical devices that used to be standalone machines are now being connected to wider networks. While this is useful, most manufacturers are not adding any increased security to their systems where a single machine attack used to be isolated and required physical access.

An infection and attack on an entire network of devices around the world can now occur completely remotely. A single change to an insecure cloud database or device that sets and gets settings from the cloud could lead to an entire device line being compromised. A few years ago, security expert Barnaby Jack showed that it is possible to compromise devices such as pacemakers and insulin pumps to attack patients as well. Any device with network connectivity will be insecure — and with strict FDA regulations on system updates, many manufacturers will not be patching issues as quickly as may be needed.

Thankfully, the FDA has been working on a draft guidance to try to set guidelines medical device engineers should use while designing their systems. The guidance also mentions possibly allowing validated operating system updates to be patched into systems in-between fully validated releases. Hopefully, the new guidance will help keep systems and patient data safe.

Next Steps:

Latest White Papers

Related Resources

Top 3 Tips To Protect Code For Developers

Top 3 Tips To Protect Code For Developers

When it comes to knowing how to protect code for developers, it’s as valuable as gold in an old safe. The risks are high as attackers becoming wiser, and that precious code is at risk from evolving technology too. That’s why in this article, we’ll share a...

Solving for the “Islands of Jenkins”

Solving for the “Islands of Jenkins”

In October 2022, I wrote a blog post entitled “Scaling Jenkins for the Enterprise”.  Within it, I described the “Islands of Jenkins” problem organizations face. Essentially, this problem stems from companies using an open-source Jenkins installation for each team, but...

Infrastructure as Code with Terraform

Infrastructure as Code with Terraform

Before we begin to talk in detail about this topic, we should clarify some definitions first.  The first term comes from the DevOps movement where IT Operations staff use the concept of revision history/version control by using the concept of infrastructure as code. ...