Medical Design and Outsourcing


How to design for patient safety, data security and reliability

October 29, 2018 By Nancy Crotti

Medical device creators are designing electronic devices with enhanced and sophisticated functionality, with most of the complexity contained within the software. Many new devices are also equipped to communicate with hospital networks, one another and the IoT (Internet of Things).

Martin Nappi, Green Hills Software


Designing life-critical software into the medical device and then connecting it to a hospital network or the expanding IoT introduces an elevated level of risk. It also broadens the potential attack surface of the device to would-be cyber attackers.

Due mainly to the increasingly aggressive threat landscape, governing authorities like the FDA expect device manufacturers to take cybersecurity very seriously. To approve a Class III medical device for market, they expect manufacturers to conduct a threat assessment that includes an analysis of the potential for patient injury and mitigation of identified security risks. Manufacturers must provide an analysis of the likelihood and severity of patient harm balanced against other design considerations. Product developers are expected to incorporate device cybersecurity and perform risk analysis at every phase of the development cycle.

Operating systems like Windows, Linux, Android and many embedded real-time operating systems (RTOS) are not appropriate for use in life-critical devices. Basing a connected medical device design on a weak or vulnerable operating system framework may be suitable for some devices, but not for a Class III medical device or any device whose unauthorized breach or anomalous behavior could directly or indirectly cause a loss of life. These operating systems only protect against inadvertent or casual attempts to breach the device’s security. Furthermore, their immense base of program code has proven to contain thousands of vulnerabilities, according to the National Institute of Standards and Technology.

Using microkernel architecture

Other industries, including avionics and automotive, have transitioned to using a software architecture based on partitioning or separating different software tasks into separate memory areas on the device. This high-integrity separation-kernel or microkernel architecture uses microprocessor memory protection and hardware security to guarantee isolation of software components, monitor run-time operation and ensure each task has the resources required to run correctly. The underlying microkernel constantly monitors the overall system, detecting and isolating any unusual behavior caused by errant or malicious code.

Critical tasks are partitioned separately from non-critical tasks, and information flows are validated. Digital certificates and keys are tied to the hardware root of trust to protect software and communications. Network connections may be enabled for specific tasks or for guest operating systems such as Windows or Linux, hosted in separate non-critical partitions so that coding errors and security breaches cannot affect critical functions of the device.
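
The partitioning and validated information flows described above can be pictured as a static channel table that the kernel-side message router consults. The sketch below is an added example, not code from the article or from any vendor's separation kernel; the partition names, message layout and the 0..500 limit are hypothetical.

```c
/* Added illustration: default-deny channel policy for a partitioned device.
 * Partition names, message layout and limits are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum partition { P_THERAPY, P_SENSOR, P_GUEST_NET, P_UI, P_COUNT };
static const bool is_critical[P_COUNT] = { [P_THERAPY] = true, [P_SENSOR] = true };

struct msg { uint8_t type; uint16_t value; };
typedef bool (*validator_fn)(const struct msg *);

/* Constructed rule: a rate request must be type 1 and within 0..500 units. */
static bool valid_rate_request(const struct msg *m) {
    return m->type == 1 && m->value <= 500;
}
static bool accept_any(const struct msg *m) { (void)m; return true; }

struct channel { enum partition src, dst; validator_fn check; };

/* Every permitted flow is listed here; anything else is denied. */
static const struct channel policy[] = {
    { P_SENSOR,    P_THERAPY,   accept_any },         /* critical -> critical */
    { P_THERAPY,   P_UI,        accept_any },         /* status out */
    { P_THERAPY,   P_GUEST_NET, accept_any },         /* telemetry out */
    { P_GUEST_NET, P_THERAPY,   valid_rate_request }, /* validated inbound */
};
#define N_CHANNELS (sizeof policy / sizeof policy[0])

/* Build-time audit: a channel from a non-critical partition into a
 * critical one must carry a real validator, never accept_any or NULL. */
bool policy_is_sound(void) {
    for (size_t i = 0; i < N_CHANNELS; i++)
        if (is_critical[policy[i].dst] && !is_critical[policy[i].src] &&
            (policy[i].check == NULL || policy[i].check == accept_any))
            return false;
    return true;
}

/* Run-time gate applied to each message: unlisted flows are rejected. */
bool flow_permitted(enum partition src, enum partition dst, const struct msg *m) {
    for (size_t i = 0; i < N_CHANNELS; i++)
        if (policy[i].src == src && policy[i].dst == dst)
            return policy[i].check(m);
    return false;
}

int main(void) { return policy_is_sound() ? 0 : 1; }
```

Here the network-facing guest partition can reach the therapy task only through the one validated channel, and has no channel at all to the sensor partition.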

Given the risks, external and independent software testing authorities should validate systems against stringent industry standards (e.g. RTCA DO-178B, ISO/IEC 15408, IEC 61508) with rigorous safeguards against failure conditions and strong resilience to defend against unauthorized access. It is reassuring to know that there have been separation kernel operating systems commercially available from multiple vendors for up to 20 years that are recognized by international authorities as meeting the highest levels of safety and security.

Conclusion

Historically, product security in the medtech industry was much less of a concern because many devices were not connected to networks, smartphones, and tablets. But with the emergence of the IoT and the criminal element that comes with it, the top three priorities for device designers are now:

  • Keeping the patients and clinicians safe;
  • Keeping electronic health records secure;
  • Keeping the device consistently operational and resistant to cyber attack.

Life-critical devices and our healthcare system need to be resistant to sophisticated, well-funded cyber-criminals, including terrorists or any criminal group with a reason to compromise our healthcare system.

Martin Nappi is VP of business development for the medical industry at Green Hills Software. He is a 30-year veteran of the embedded systems industry and is responsible for providing safe and secure software technology for medical devices and systems.

The opinions expressed in this blog post are the author’s only and do not necessarily reflect those of Medical Design and Outsourcing or its employees.
