Why Cybersecurity is Becoming More Important in the Medical Device Industry

Author: Keith Handler | Date: July 23, 2019

Cybersecurity in the medical device world has evolved from a footnote to a front-page headline. Articles with titles like “Medical Devices are the Next Security Nightmare” (Wired) and “Medical Devices… Lethal in Hands of Hackers” (The Hill) worry device manufacturers, doctors, and patients alike. These concerns are a direct result of an increasingly interconnected medical device ecosystem.

Where medical devices were by and large standalone systems in the past, today’s medical devices regularly communicate with other hospital/clinical systems, PCs, and mobile devices. This inter-connectivity presents new threats, vulnerabilities, and challenges for medical device manufacturers. Although regulatory bodies such as the FDA and the European Competent Authorities have introduced increasingly strict guidelines and regulations concerning cybersecurity, these guidelines are not enough to ensure patient safety. The following are some common potential threats and design tips to help mitigate them.

Common Cybersecurity Vulnerabilities

There are a few common areas of vulnerability that one must always consider when designing medical devices. The first fundamental aspect of designing a secure system is communication authentication. A number of high-profile breaches in the past several years have made it clear that usernames and passwords do not provide sufficient security against malicious attacks. Credential leaks have been publicly posted for everything from Myspace to Bitcoin to email addresses in recent years. Even Facebook CEO Mark Zuckerberg had his social media accounts hacked due to a weak password in 2016.

Medical devices are not immune to this trend. A second line of defense known as “two-factor authentication” can be used to help mitigate threats associated with weak passwords and may include hardware authentication and biometric scanners. It is also critical to avoid creating loopholes that allow users to bypass any security controls. For example, the use of hardcoded passwords or “super-users” is highly discouraged in any type of medical device design. A user should only be granted the level of access appropriate for them. Authentication should also be required to service and/or update the medical device, and data verification should be required for any update packages via a hash function or a cyclic redundancy check. Protecting against unauthorized access and verifying the authenticity of content is a critical part of designing a secure medical device and ensuring patient safety.
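The update-package check described above can be sketched as follows. This is an added example, not code from the original article, and it goes one step beyond the text by contrasting an unkeyed CRC with a keyed hash (HMAC-SHA256): the CRC catches accidental corruption, while only the keyed tag establishes that the package came from the holder of the key. The package layout, `DEVICE_KEY`, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed demo key (assumption). A real device would keep its key in
# protected storage, never in source code.
DEVICE_KEY = b"constructed-demo-key"

def build_package(payload: bytes, key: bytes) -> dict:
    """Vendor side: attach a CRC32 and an HMAC-SHA256 tag to the payload."""
    return {
        "payload": payload,
        "crc32": zlib.crc32(payload),
        "tag": hmac.new(key, payload, hashlib.sha256).hexdigest(),
    }

def crc_ok(pkg: dict) -> bool:
    """Unkeyed check: catches accidental corruption only."""
    return zlib.crc32(pkg["payload"]) == pkg["crc32"]

def tag_ok(pkg: dict, key: bytes) -> bool:
    """Keyed check: only a holder of the key can produce a matching tag."""
    expected = hmac.new(key, pkg["payload"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, pkg["tag"])  # constant-time compare

def verify_update(pkg: dict, key: bytes) -> str:
    """Device side: decide whether an update package may be installed."""
    if not crc_ok(pkg):
        return "reject: corrupted"
    if not tag_ok(pkg, key):
        return "reject: not authentic"
    return "accept"

# Constructed sample packages.
GENUINE = build_package(b"firmware v2.1 image bytes", DEVICE_KEY)
# One byte damaged in transit; checksum and tag fields unchanged.
CORRUPTED = dict(GENUINE, payload=b"firmware v2.1 image bytez")
# Payload replaced and the CRC recomputed by someone without the key.
ALTERED_PAYLOAD = b"unapproved image bytes"
ALTERED = dict(GENUINE, payload=ALTERED_PAYLOAD, crc32=zlib.crc32(ALTERED_PAYLOAD))

if __name__ == "__main__":
    for name, pkg in [("genuine", GENUINE), ("corrupted", CORRUPTED), ("altered", ALTERED)]:
        print(f"{name:10s} crc_ok={crc_ok(pkg)!s:5s} -> {verify_update(pkg, DEVICE_KEY)}")
```

The altered package passes the CRC check and is stopped only by the keyed tag. A fielded device would more likely verify an asymmetric signature so that no signing secret is stored on the device; HMAC is used here to stay within the Python standard library.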

Is your product secure?

Now that you’ve put careful consideration into your user authentication, is your product secure? Even in systems with secure user access protocols, vulnerabilities may still exist and should be evaluated periodically throughout the lifetime of your product. Often, healthcare facilities will secure access to a network but forgo security measures such as data encryption. This is like locking the front door but leaving the valuables inside unprotected. To fully protect patients, data must be secure at rest in a device and in transit over a network, and the device itself must be physically secure. Encrypting data both in transit and at rest protects against an unauthorized user who gains access to a network. Physically securing the device prevents an attacker from bypassing all security measures by simply stealing the data and attempting to decrypt it elsewhere. A multi-layered approach is vital to effective cybersecurity for your system and supply chain.

Ensuring Patient Safety

Taking these cybersecurity measures is vital to patient safety, but a careful, FDA-compliant maintenance plan should be developed and followed for the lifetime of the product as well. It’s unfortunately common for users to put off backups and updates until they have suffered from a loss or an attack. To avoid this, it is important to develop a maintenance plan that requires regular review, emerging threat analysis, and safety-critical updates. If a vulnerability in any piece of hardware, software, OS, or off-the-shelf component housed in your device is not identified and patched, your entire device could be susceptible to systemic risk. The maintenance plan should also define procedures for detecting attacks.

There are a variety of ways to approach this detection, including autonomous monitoring features that notify an administrator of an attack, manual forensic review of software logs, and malware detection reports. Finally, regular backup procedures should be defined so that critical data can be recovered in the event of an attack. Defining these features and formalizing these procedures is critical to ensuring effective cybersecurity during the lifetime of your product.

The increased inter-connectivity of medical devices opens the door to potential malicious tampering; however, these threats can be managed and mitigated through careful planning and design, risk assessment throughout your process, and a goal to go above and beyond cybersecurity regulations to ensure patient safety.
