Medical IOT devices need to be secure and safe
Share
Jul 11, 2022
There is a need to protect all online personal data, but even more so with medical records.
With the rise in home health care, we need everyone in the loop to feel that their identity and data is being protected, from their online connection with the healthcare practitioner, to the patient, to the resource centres where the medical information is being stored.
Security comes from ensuring your network connection is safe, removing the threat of cyber-attack and by eliminating any vulnerabilities that may exist in your system setup.
Particular areas of weakness that cyber criminals and hackers can use to their advantage can be access through an unsecure network, or by tapping into your system as it performs it’s ‘boot up.
Adding Network Security
Attacks on assets connected to the Internet of Things (IoT) more than doubled last year, topping 1.5 billion.
Many medical IoT devices are designed and developed without the right levels of security, which unfortunately means that they serve as easy access points for the dreaded hacker!
And you’d be mistaken to think that small IoT devices like gateways, smart appliances, and industrial sensors are too small to be worth attacking. That just isn’t the case.
Without adequate protection, your medical IoT devices is a target to:
- Data breach
- IP theft
- Spying
- Sabotage including bricking
For these reasons, protection is vital, but usually it needs to be relatively lightweight, not dependent on direct user interaction or need excessive software that can increase cost, complexity, and power consumption.
Moreover, many connections between IoT endpoints and devices like gateways are implemented using wireless standards like Bluetooth® or Wi-Fi that do not have heightened security. Criminals can connect their own devices to a target network using these interfaces.
A hacker can bring down an entire network if they can gain access to an IoT gateway and restrict services. The consequences of successful attacks, for owners and operators, include:
- Compromised validity of certifications and complied regulations
- Recovery/repair fees
- Customer/client trust in a robust system
- Downtime
Therefore, the underlying aim must be to prevent unauthorised access to the network. It’s also important to be able to detect any breaches that occur, and measures are needed to reduce the impact of these breaches.
Achieving these goals requires proper planning of the secure network which we discuss in our article “keeping your network safe”, which also covers:
- Additional techniques such as intelligent power tracking
- About NXP’s i.MX 8 application processors
- Third-party platform like Azure Sphere
- And how cybersecurity standards protect medical IoT devices
Achieving A ‘Secure Boot’
Did you know that smart connected devices are potentially vulnerable when booting up?
A ‘secure boot’ protects against attack, as it establishes trust in the device, which is founded on the immutability of hardware: the hardware is the root of trust.
Simply described, secure boot ensures:
- That the digital signature of the first-stage bootloader matches with a key that is written into the device during production and confirmed with one-time-programmable fuses that prevent any further changes
- This provides the hardware root of trust
- The trusted bootloader verifies the credentials of the software loaded in the next stage of the boot process
- Each subsequent stage verifies the following stage until the entire boot sequence is complete, creating a chain of trust that’s rooted in hardware.
Secure boot protection for an application processor comprises on-chip logic as well as software libraries and a PC-based code-signing tool. The i.MX 8 and i.MX 8X families from NXP have features which authenticates the bootloader, kernel, and other controller firmware to extend the chain of trust, showing how security features for IoT devices continue to evolve and become stronger.
Ensuring a secure boot should be of interest to all medical device manufacturers who are developing products with IoT in mind.
If you need and want to find out more about how secure boots work, why they are so effective, and their limitations, you can read our full article here.
The Anders Interface: Innovative. Intuitive. Intelligent.
