Sterling Medical Devices & RBC Medical Innovations are combining to create Vantage MedTech! Meet RBC
Contact Us
Close Form

Interested in learning more about how we can work together in your current or next medical device design project?

Just fill out this form and we’ll be in touch!

  • This field is for validation purposes and should be left unchanged.

Wherever you are in your product development lifecycle,
Sterling can help.

P: 201-877-5682
F: 201-301-9169

First, Do No Harm: Ensuring Medical Device Connectivity Solutions are Safe and Secure

Author: Matthew Calloway | Date: June 6, 2023

Woman using modern glucose monitor connected to laptop

Digital health solutions, like wireless technology in healthcare and medical devices that use Wi-Fi, have, and will continue to transform healthcare. They enhance patient experiences, such as earlier disease detection, personalized diagnostics & therapeutics, and optimization of care. If you are a medical device manufacturer faced with creating safe and secure medical device connectivity solutions it can often feel daunting. What is the FDA guidance on wireless devices? It is complex, comprehensive, and can be difficult to understand. No matter how your wireless technology is used in healthcare, we’ll break down everything you need to know about developing a safe, secure wireless medical device.

The Risks of Medical Device Connectivity in Healthcare

The use of wireless connectivity in medical devices brings numerous benefits improving patient outcomes, including real-time data collection, remote monitoring, and personalized treatment options. Wireless medical devices that use radio frequency (RF) wireless technology, and other wireless technologies, to collect or transmit data have quickly become an essential tool used daily by healthcare professionals to monitor patients.

With so much personal and sensitive health data stored using wireless technology in medical devices, cybersecurity risks, data breaches, and privacy violations pose a considerable threat to the healthcare industry. For example, in 2017, the FDA disclosed that a software vulnerability in a pacemaker could potentially allow an attacker to gain access to the connected device, steal medical data, or even modify the device’s settings, putting patients’ lives at risk. In 2020, a group of researchers found that the Bluetooth Low Energy (BLE) healthcare device protocol related to connectivity in medical devices such as insulin pumps, could be vulnerable to cyberattacks, potentially leading to the injection of incorrect doses or causing the pump to stop working. These breaches emphasize the need for enhanced security measures in telemedicine, IoT for medical devices, and wireless technologies.

Cybersecurity Regulations

To ensure the safety and efficacy of connectivity in medical devices, regulatory agencies such as the FDA and the European Medicines Agency (EMA) established rigorous standards and guidelines for medical device manufacturers to follow. These standards require software, firmware, and programmable logic used in medical devices to be built on a secure and reliable platform, undergo thorough testing and validation, and adhere to rigorous privacy and data protection measures. Manufacturers must prove that their wirelessly connected devices have been designed to limit unauthorized access and that they are able to detect and respond to cybersecurity incidents.

To comply with regulatory standards, medical device manufacturers can implement controls such as password controls, encryption, authentication mechanisms, and backup and recovery procedures. Additionally, medical device designers and manufacturers must develop a robust risk management plan for connectivity in medical devices that identifies potential cybersecurity and privacy threats, outlines steps to mitigate them, and creates a system to monitor them.

The FDA issued new guidance on medical device cybersecurity in 2022 and outlines specific guidelines that manufacturers must meet to ensure their medical devices are secure against cybersecurity threats. The latest guidance essentially brings medical devices in line with standard industry practice across the board, from finance to government and defense. The main difference is the added focus on patient safety, which is already core to medical device development. The requirements apply to a range of medical devices, including those that use wireless technology. They also apply to devices with software that is validated, installed, or authorized by the sponsor, and other wireless devices that can connect to a hospital network. Manufacturers have until October 2023 to comply with the new FDA wireless guidance. The FDA has warned that it will refuse to accept submissions for any new medical devices that do not meet these standards.

Practical Tips for Wireless Device Design and Development

According to a 2022 FBI report, more than half (53%) of the medical devices connected to the internet in hospitals have known critical vulnerabilities. The report identified several medical devices, such as insulin pumps, pacemakers, intracardiac defibrillators, and mobile cardiac telemetry, as being at risk of cyberattacks, with an average of 6.2 vulnerabilities per medical device. Compromising these medical devices could have serious consequences for patient safety. To build secure and reliable connected devices, designers and manufacturers should adopt industry best practices and take proactive steps to prevent, detect, and respond to potential cybersecurity and privacy threats. Here are some tips to ensure the safety and efficacy of a connected device like wireless implantable medical devices or cloud connected medical devices:

  1. Build security and privacy features into the design phase of the product development lifecycle. The specific terminology in the guidance is, a “secure product development lifecycle,” meaning that cybersecurity should be a part of all phases of product development, not just its design.
  2. Conduct extensive testing and validation of the software using industry-standard tools and methods regarding connectivity in medical devices.
  3. Develop and maintain a risk management plan that identifies potential threats and outlines steps to mitigate them.
  4. Stay up to date with the latest cybersecurity threats and vulnerabilities and take proactive steps to patch any vulnerabilities.
  5. Conduct ongoing development maintenance and monitoring to ensure the continual detection of threats and necessary remediation.
  6. Confirm that the device has traceability throughout its lifecycle, from design verification all the way through manufacturing, testing, and post-market surveillance.
  7. Take proactive steps to mitigate risks like verifying source code for all off-the-shelf solutions used in creating medical software or firmware.
  8. Work closely with all stakeholders involved in managing your product development lifecycle, including vendors and contractors, to establish design controls that will allow you to effectively follow FDA guidance.

The integration of software in medical devices has brought significant benefits to the healthcare industry, but it has also brought new risks to security and privacy. Medical device designers and manufacturers must follow international regulations and industry best practices to ensure that their connected medical devices are secure and reliable before they are authorized for use. Moreover, healthcare organizations must maintain a robust security posture and take proactive measures to prevent, detect, and respond to potential cybersecurity and privacy threats in medical device connectivity solutions.

With the right measures, certified wireless devices can be safely integrated into medical applications with peace of mind. When choosing a device, companies should focus on the benefits of features such as secure encryption, strong reliability, and low latency. The latest developments in the world of wireless technology will keep increasing these features to allow companies to get ahead of the competition. Taking all this into consideration, let our team guide you through the documentation process and ensure compliance with the FDA’s guidance on wireless connectivity so that your innovation can quickly reach its intended end users as safely as possible. Contact us to learn more about how to integrate cybersecurity measures into your software product development lifecycle and ensure your medical device connectivity solutions are safe and secure.

Share this!

Contact Us

  • This field is for validation purposes and should be left unchanged.


person holding a circuitboard

September 10, 2021

Types of Medical Device Patents: What You Need to Know

In recent years, we’ve seen more innovation in medical devices, particularly with the proliferation of mobile medical devices—a trend that exploded further due to the COVID pandemic. With...
Read More >
View More Blogs

February 18, 2021

5 Mistakes Medical Device Startups Make

Startups are the lifeblood of medical device innovation. Without universities researching ways to solve pressing healthcare problems or doctors with experience in a particular field who have an idea to develop a prototype medical device that could help patients, the future technologies needed to help save lives wouldn't happen. But the long, arduous road through the FDA submission process to get market approval can take a long time and cost a lot of money without help. Sterling Medical Devices has been helping startups through the FDA approval process since 1998 without ever having a submission rejected.
Read More >
View More Videos

September 8, 2020

Breathing Pacemaker

Sterling Medical Devices performed design services for a Class III breathing pacemaker with Major Level of Concern software, intended for use by patients who have lost neurological control of respiration. This life-sustaining device is comprised of two main components: an internal passive receiver and an external controller....
Read More >
View More Case Studies

Need help with your medical device?

Let Sterling Medical Devices show how to bring your idea from concept to prototype to
FDA/CE approval with a free custom project analysis.
Request Free Analysis