Integrating safety and security into connected medical devices

January 23, 2015 // By Lauri Ora, ARM
Combining the safety requirements from different medical standards while demonstrating high levels of security is a challenge. However, built-in fault detection, control, and software separation features, together with advances in architecture and a safety ecosystem for safety-related designs, are helping developers overcome some of these key challenges.

The growing use of electronics in medical equipment has led to new safety standards; these standards, combined with the increased security requirements brought about by greater connectivity, are placing new demands on developers of medical hardware and software. Providing justification for the safety of an insecure connected device will be extremely difficult, as potential attacks via the network connection can directly impact the safety functions. This means that both safety and security aspects have to be rigorously considered for new designs.

Over the last few years, microcontroller designers have introduced additional features specifically to help develop safety-related systems. These features are helping software developers tackle the challenges they are facing. For example, support for virtualisation in the hardware can help developers use existing, proven code alongside newly developed software without compromising the safety of the overall system.

The medical equipment industry has been adopting electronics-based safety technologies with increasingly complex designs. Infusion pumps and pacemakers that keep patients alive are increasingly using safety-related semiconductor devices at the heart of their designs. As systems become connected, either to share data or for remote operation in “telehealth” applications, the security elements of the designs become as important as the safety elements. It is impossible to have safety without security. The need for safe and secure devices has therefore resulted in a wide range of safety standards that have to be considered in the development of medical equipment. In addition, there are stringent sets of approval processes from organisations such as the FDA in the US, or the notified bodies operating within the framework of the European Medical Device Directive.
