HOME  |  NEWS  |  BLOGS  |  MESSAGES  |  FEATURES  |  VIDEOS  |  WEBINARS  |  INDUSTRIES  |  FOCUS ON FUNDAMENTALS
  |  REGISTER  |  LOGIN  |  HELP
Blogs
Guest Blogs
Medical Device Vulnerabilities: What to Protect & How to Protect It
2/19/2013

Return to Article

View Comments: Threaded|Newest First|Oldest First
Ann R. Thryft
User Rank
Blogger
Valuable information
Ann R. Thryft   2/19/2013 3:43:36 PM
NO RATINGS
Thanks for this article. We've had several discussions on the site about hacking medical devices, and this is valuable info on several ways they can be vulnerable.

Cabe Atwell
User Rank
Blogger
Re: Valuable information
Cabe Atwell   2/19/2013 5:09:57 PM
NO RATINGS
This is why medical devices are so expensive, the copious levels protection. When it comes to lives at risk, everything should be considered for testing. I'm not a big advocate of IP protection, but foreign companies are always looking to copy top-dollar products.

C

TJ McDermott
User Rank
Blogger
Re: Valuable information
TJ McDermott   2/20/2013 10:07:00 AM
NO RATINGS
Cabe, I would posit that it is overall cost of liability that makes medical equipment so expensive.  The risk of ANY failure is too great.

Having some personal data get out poses a very low risk to life.

Cabe Atwell
User Rank
Blogger
Re: Valuable information
Cabe Atwell   2/20/2013 4:51:06 PM
NO RATINGS
If medical history wasn't important, politicians wouldn't get so worried over it. I say leaked data is a big deal.

C

Ann R. Thryft
User Rank
Blogger
Re: Valuable information
Ann R. Thryft   2/20/2013 5:38:28 PM
NO RATINGS
The high cost of medical devices is due in part to a longer history of liability problems than of leaked data, a much more recent concern. Other factors like very high performance and the high cost of middlemen no doubt contribute yet more cost. But I think Cabe's point about leaked data is a good one--that's probably going to be a contributing factor to higher device costs in the near future.

NadineJ
User Rank
Platinum
Re: Valuable information
NadineJ   2/20/2013 4:13:14 PM
NO RATINGS
I agree.  This very valuable info and very timely.  

The general public may be more comfortable with less privacy in social media but not with their medical data.

Charles Murray
User Rank
Blogger
Re: Valuable information
Charles Murray   2/25/2013 7:47:58 PM
Good point, NadineJ. Hackers could misuse information about communicable diseases and psychiatric treatment (among other things) to cause to a great deal of trouble for unsuspecting patients.  

Charles Murray
User Rank
Blogger
Secure OS?
Charles Murray   2/19/2013 7:51:12 PM
NO RATINGS
Alan, I'm curious how important it is to have a secure operating system for some of these medical devices. We often see operating systems decribed in terms of levels or security -- what level of security should designers aspire to?

Alan Walsh
User Rank
Iron
Re: Secure OS?
Alan Walsh   4/4/2013 2:36:01 PM
NO RATINGS
Charles, first off apologies for the delay in responding.  I lost track of when the article was going live.  The level of level of security depends on the safetly classification of the device.  In cases of lowest patient risk something like SELinux or SEAndroid (Security Ehanced) may be appropriate.  In cases of higher risk most closed source OS options that offer packages specifically for medical device development will be closed-source, and provide an appropriate level of security as a starting point.  In terms of networked devices one aspect of security outside scope of my post is IT policy.  The range and nature of devices that connect to your network, and whether or not persistent storage is all encrypted, and whether it's possible to install new apps, etc all contribute to overall security.

Nancy Golden
User Rank
Platinum
Layered Strategies and the Need For It
Nancy Golden   2/20/2013 9:32:23 AM
NO RATINGS
Interesting article - the layered strategy makes good sense as well as not advertising any specifics about the security methods that are in place. A lot of what was said applies to technology in general as well. Too bad we can't direct the energy and innovation that must be used to make products secure to enhance perofrmance instead. Malicious attacks on medical devices is a sad statement of our society - but then, I have never understood why so many hackers waste so much time and energy to cause problems when they could direct their abilities towards doing good and contributing to society with their accomplishments...

Alan Walsh
User Rank
Iron
Re: Layered Strategies and the Need For It
Alan Walsh   4/4/2013 2:43:53 PM
NO RATINGS
Nancy, first off apologies for the delay in responding.  I lost track of when the article was going live.  Absolutely most of what I described is generally applicable to consumer devices as well as medical devices.  Device and information security is generally a fairly mature and active area of development, and I was trying to illustrate some of the areas where medical device designers and manufacturers should be paying more attention to security, in an environment that historically has had fewer security concerns (non-networked devices, used in controlled environments, by trained health care professionals).

Nancy Golden
User Rank
Platinum
Re: Layered Strategies and the Need For It
Nancy Golden   4/4/2013 2:53:19 PM
NO RATINGS
I certainly see your point, Alan. Current trends are taking technology usage out of the hands of specialists and into those of less technical users who may inadvertently create a security breach that allows sensitive information to either be accessed or corrupted. Networking is definitely on the increase in medical applications for easier sharing of data - I can see how this increases the need for security...

Greg M. Jung
User Rank
Platinum
Malicious Intent
Greg M. Jung   2/27/2013 8:18:27 PM
NO RATINGS
From a patient safety standpoint, I'm not as concerned with the pirating of medical information as I am about a hacker who infiltrates the medical device with malicious intent.  I think we should consider ways to mitigate hacker risk if a medical device is connected to a network and could be vulnerable to an attack on its operating system (where applicable).

Alan Walsh
User Rank
Iron
Re: Malicious Intent
Alan Walsh   4/4/2013 2:41:11 PM
NO RATINGS
Greg, first off apologies for the delay in responding.  I lost track of when the article was going live.  I agree completely.  The focus of the article was intended to be FDA regulated devices, not so much data protection that would be governed by HIPAA.  In fact I was motivated to write because of the reports in 2011 that an insulin pump had been successfully hacked, and was able to be programmed maliciously over a wireless connection.

Alan Walsh
User Rank
Iron
Regarding cost of medical devices
Alan Walsh   4/4/2013 2:50:17 PM
NO RATINGS
Thanks all for your comments on the article.  Apologies for the delay in responding.  I lost track of when the article was going live.  I think there are three main contributors to the cost of medical devices.  One is definitely the higher development costs to meet regulatory and safety requirements.  However the "typical" medical device takes much less overall cost to develop than the iPhone for example.  Liability is another big piece, and I think the third important piece is the relatively low volumes.  At Logic PD I have worked with a variety of very recognizable device manufacturers, and volumes for some of the devices that we've worked on with large-scale development efforts can be in the 100's per year.  If you sell only about 1,000 in ten years every million you spend on development adds $1000 to the cost of each unit.  Such low volumes also increases the cost of the components that go into the device (buying a million memory chips is a much lower unit cost than buying 100).

tekochip
User Rank
Platinum
Unique Data Format
tekochip   4/4/2013 3:29:45 PM
NO RATINGS
Using a unique data format is an often overlooked area of security. Simply packing bytes and using bit fields not only makes the data packet smaller, but does prevent all bit the technically savvy from monitoring the data.


Partner Zone
More Blogs from Guest Blogs
Machine vision and video streaming systems are used for a variety of purposes, and each has applications for which it is best suited. This denotes that there are differences between them, and these differences can be categorized as the type of lenses used, the resolution of imaging elements, and the underlying software used to interpret the data.
In the face of growing challenges for embedded technology engineers, designers should actually be designing for a new IoT -- the Internet of Tomorrow.
As today’s product design cycles are held to tighter schedules and budget constraints, it’s becoming even more critical to consider human factors up front to catch and fix problems during the initial development stages, when it’s faster and less costly to do so. Overlooking human factors at the beginning of the design cycle could lead to poor user experience, a decrease in effective product performance, and an increase in safety risk to the user.
Plastic part manufacturers are always looking for ways to reduce cycle time and get more productivity out of their injection molding machinery. One of the longstanding constraints in injection molding production has been cooling time. Removing parts from the mold before they have cooled induces warping or shrinking. But wait time works against productivity.
Editor’s Note: This is part 1 of an in-depth look at six added-value opportunities -- adjacent to the aluminum extrusion option -- that OEMs can integrate to upgrade supply chain interactions from basic buyer-vendor transactions to critical collaborations on strategic, single-source solutions.
Design News Webinar Series
3/31/2015 11:00 a.m. California / 2:00 p.m. New York
2/25/2015 11:00 a.m. California / 2:00 p.m. New York
12/11/2014 8:00 a.m. California / 11:00 a.m. New York
5/7/2015 11:00 a.m. California / 2:00 p.m. New York
Quick Poll
The Continuing Education Center offers engineers an entirely new way to get the education they need to formulate next-generation solutions.
May 4 - 8, Designing Low Power Systems using Battery and Energy Harvesting Energy Sources
SEMESTERS: 1  |  2  |  3  |  4  |  5  |  6 |  7


Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.
Last Archived Class
Sponsored by Proto Labs
Learn More   |   Login   |   Archived Classes
Twitter Feed
Design News Twitter Feed
Like Us on Facebook

Sponsored Content

Technology Marketplace

Copyright © 2015 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service