Security is a bigger deal in medical devices than it might seem, and the steps to get there are significant but fairly straightforward.
In my last blog, I wrote about the potential for wearable, implantable, and attachable medical devices to be hacked. Though they may seem unlikely targets because of the relatively small percentage of the population at risk, the more disconcerting reason they've been overlooked is simply because they have not yet been broadly adopted.
The market for adult diabetics alone is expected to include 439 million adults by 2030, which does not include pediatric patients or the pregnant women who develop gestational diabetes.[1] Though some of these diabetics will use insulin pumps and others may opt for more permanent treatments in the future, like an artificial pancreas, it is undeniable that the number of insulin pumps will grow over the coming years.
For this expanding population, it is important to remember that insulin pumps must be extremely precise. If they administer a larger amount of insulin than required, the extra dosage can put the patient into a hypoglycemic coma or worse. These devices, as well as some implantable automatic defibrillators and pacemakers, need a secure wireless communication channel between the manager and the device itself.
Beyond just this pool of personal devices, portable devices used in emergency situations could also become targets for hackers looking to disable emergency care units -- for example, those provided by the government in disaster situations. To some, this all might seem a bit farfetched. However, recent events suggest that security and privacy in medical devices merit our serious consideration and attention.
Now let's get to the bones of what security and privacy mean for these devices. On the hardware side, precautions need to be taken to prevent physical tampering. Supporting this protection at the software level requires adding cryptographic algorithms, architecture, and protocols with enough strength and power efficiency not to consume the battery too quickly.
Ultimately, the goals are confidentiality, authentication, and integrity of the data and communication between our medical devices, so the security measures should be selected carefully.
In order to keep hackers from stealing cryptographic keys, countermeasures against tampering and side-channel attacks can be implemented, leveraging techniques like pipelining and parallelism, which reduce power consumption for prolonged battery life. At the hardware level, clock gating, reduced-swing signaling, power domains, and microcontrollers with built-in support for cryptographic algorithms should be considered when selecting design platforms.
At the architecture level, partitioning into secure and unsecure zones should be implemented. This means that the cryptographic key should never be transmitted to, or used in, an unsecure zone. In determining secure vs. unsecure, it's helpful to recognize that not all data is critical and therefore in need of protection. For context, compare it to a clinical chart. Information like the patient's name, address, salary, personal details, test results, medication usage, personal history, and Social Security data all must be kept confidential. However, some other data captured is noncritical, like heart rate, temperature, etc., and this data could easily be managed over the unsecure areas.
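The zone partitioning and data classification just described, as an added C example that is not the author's code or any device vendor's firmware. It simulates a pump's secure zone as one region of the program (a static key plus two functions, secure_tag and secure_verify, standing in for a hardware-isolated region or a crypto-capable microcontroller) and its unsecure zone as the radio frame handler, which holds no key material. Noncritical telemetry such as a heart-rate sample passes through the unsecure path untagged, while a dose command is accepted only when the secure zone vouches for its message authentication code; the key itself never crosses the boundary. The frame format, the 16-byte demo key, the function names and the choice of SipHash-2-4 as the MAC are all assumptions made for this example; a real pump would pick its MAC and key storage to match its platform, and would add encryption on top for confidentiality, which this example does not cover.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_PAYLOAD 16

/* ---------- secure zone: the only code that may touch the key ---------- */
/* Constructed demo key; on a real pump it sits in key storage the unsecure zone cannot read. */
static const uint8_t SECURE_KEY[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                                        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
#define ROTL64(x, b) ((uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))))
#define SIPROUND do { v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32);   \
                      v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                        \
                      v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                        \
                      v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32); } while (0)

static uint64_t load_le64(const uint8_t *p) {           /* little-endian, as SipHash specifies */
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* SipHash-2-4 with a 64-bit tag: a keyed MAC small enough for a microcontroller's budget. */
uint64_t siphash24(const uint8_t *in, size_t len, const uint8_t key[16]) {
    uint64_t k0 = load_le64(key), k1 = load_le64(key + 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0, v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0, v3 = 0x7465646279746573ULL ^ k1;
    uint64_t b = (uint64_t)len << 56;                   /* length byte sits in the final block */
    size_t i = 0;
    for (; i + 8 <= len; i += 8) {                      /* full 8-byte blocks */
        uint64_t m = load_le64(in + i);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (size_t j = 0; i + j < len; j++)                /* tail bytes share the final block */
        b |= (uint64_t)in[i + j] << (8 * j);
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Tag = MAC(type || payload). Only the 8-byte tag crosses the zone boundary, never the key. */
bool secure_tag(uint8_t type, const uint8_t *payload, size_t len, uint8_t tag[8]) {
    uint8_t buf[1 + MAX_PAYLOAD];
    if (len > MAX_PAYLOAD) return false;
    buf[0] = type; memcpy(buf + 1, payload, len);
    uint64_t t = siphash24(buf, 1 + len, SECURE_KEY);
    for (int i = 0; i < 8; i++) tag[i] = (uint8_t)(t >> (8 * i));
    return true;
}

/* Constant-time compare, so response timing does not reveal how many tag bytes matched. */
bool secure_verify(uint8_t type, const uint8_t *payload, size_t len, const uint8_t tag[8]) {
    uint8_t expect[8], diff = 0;
    if (!secure_tag(type, payload, len, expect)) return false;
    for (int i = 0; i < 8; i++) diff |= (uint8_t)(expect[i] ^ tag[i]);
    return diff == 0;
}

/* Checks the MAC against two SipHash-2-4 vectors published with the algorithm (key 00..0f). */
bool siphash_selftest(void) {
    uint8_t msg[15];
    for (int i = 0; i < 15; i++) msg[i] = (uint8_t)i;
    return siphash24(msg, 0, SECURE_KEY) == 0x726fdb47dd0e0e31ULL &&
           siphash24(msg, 15, SECURE_KEY) == 0xa129ca6149be45e5ULL;
}

/* ---------- unsecure zone: radio frame handling, holds no key material ---------- */
enum frame_type { FRAME_TELEMETRY = 0x01, FRAME_DOSE_CMD = 0x02 };
enum verdict { ACCEPT_TELEMETRY, ACCEPT_DOSE, REJECT_BAD_TAG, REJECT_UNKNOWN };
typedef struct {
    uint8_t type, payload[MAX_PAYLOAD], tag[8];         /* tag matters only on critical frames */
    size_t  payload_len;
} frame_t;

/* Classify by criticality: noncritical telemetry (heart rate, temperature) is accepted as-is;
   anything that changes dosing is accepted only if the secure zone vouches for its tag. */
enum verdict pump_handle_frame(const frame_t *f) {
    if (f->payload_len > MAX_PAYLOAD) return REJECT_UNKNOWN;
    switch (f->type) {
    case FRAME_TELEMETRY: return ACCEPT_TELEMETRY;
    case FRAME_DOSE_CMD:  return secure_verify(f->type, f->payload, f->payload_len, f->tag)
                                 ? ACCEPT_DOSE : REJECT_BAD_TAG;
    default:              return REJECT_UNKNOWN;
    }
}

/* Manager end of the link: builds a dose command through its own secure zone (same shared key). */
void manager_build_dose_cmd(uint16_t milli_units, frame_t *out) {
    memset(out, 0, sizeof *out); out->type = FRAME_DOSE_CMD;
    out->payload[0] = (uint8_t)milli_units; out->payload[1] = (uint8_t)(milli_units >> 8);
    out->payload_len = 2;
    secure_tag(out->type, out->payload, out->payload_len, out->tag);
}

/* Scenario: returns how many of the four boundary checks behave as intended (4 expected). */
int zone_scenario(void) {
    int ok = 0;
    frame_t f, t = { .type = FRAME_TELEMETRY, .payload = {72}, .payload_len = 1 };
    manager_build_dose_cmd(250, &f);
    ok += pump_handle_frame(&f) == ACCEPT_DOSE;          /* genuine 0.250 U command */
    f.payload[0] ^= 0x80;                                /* payload changed in transit */
    ok += pump_handle_frame(&f) == REJECT_BAD_TAG;
    manager_build_dose_cmd(250, &f); f.tag[3] ^= 0x01;   /* tag corrupted in transit */
    ok += pump_handle_frame(&f) == REJECT_BAD_TAG;
    ok += pump_handle_frame(&t) == ACCEPT_TELEMETRY;     /* heart-rate sample: no tag needed */
    return ok;
}
```

The point of the layout is that everything below the "unsecure zone" comment can be reviewed, fuzzed or even compromised without exposing SECURE_KEY: the unsecure code only ever asks the secure zone a yes/no question. On real silicon the same split maps to a TrustZone-style secure world or an external secure element, and the static key becomes a slot in protected key storage; SipHash is used here because it is small and cheap, which matters for the battery budget discussed above.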
Now more than ever, with the Internet of Things driving device development, privacy can sometimes seem unattainable. However, we must continue improving and finding better ways to protect ourselves from being spied upon and falling prey to hackers.
[1] Shaw JE, Sicree RA, Zimmet PZ. 2009. Global estimates of the prevalence of diabetes for 2010 and 2030. Epidemiology, Baker IDI Heart and Diabetes Institute, Melbourne, Victoria, Australia.