In the fast-evolving world of healthcare, connected medical devices are revolutionizing diagnostics and patient care. From pacemakers and glucose monitors to advanced imaging systems and smart wearables, these connected medical devices (IoMT – Internet of Medical Things) have become crucial to improving treatment outcomes and helping people manage their health better. However, the increased proliferation of medical devices connected to the internet has also opened the doors to a dangerously large attack surface, making the security of these devices a significant concern.
The High Stakes of Medical Device Compromises
Connected medical devices are an integral part of managing and treating medical conditions today. Any compromise of these devices can have serious and far-reaching implications on patient health and safety. Imagine surgical navigation equipment malfunctioning during a heart surgery or a pacemaker being compromised by a hacker. These consequences can put people’s very lives in danger.
In 2021, Elekta, a Swedish medical systems company, suffered a cyberattack, taking down machines that delivered cancer radiation treatment and affecting patients across several well-known healthcare facilities in the U.S.
Beyond the immediate health risk, the integrity and confidentiality of medical data are also at stake. Connected medical devices generate and share a wealth of information, interoperating with several other resources on the hospital network. Cybercriminals gaining unauthorized access to Electronic Health Records (EHRs) and patients’ Personally Identifiable Information (PII) stored on these devices can misuse them to carry out identity theft and financial fraud at a large scale. Data breaches exposing sensitive patient records not only sabotage the sanctity of patient privacy and safety but also subject healthcare providers to financial losses, reputational damage, and exorbitant penalties from data privacy regulatory bodies, such as the Health Insurance Portability and Accountability Act (HIPAA).
In July 2023, HCA Healthcare, America’s largest hospital system disclosed a data breach that exposed information of nearly 11 million individuals. In November 2023, U.S.-based Ardent Health Services was forced to reschedule elective surgeries and divert ambulance services due to a ransomware attack.
For this reason, ensuring healthcare systems and medical devices are cyber-secure has become crucial to protecting the privacy and physical safety of patients and the overall integrity of the healthcare infrastructure.
What Makes Medical Devices Vulnerable?
Understanding the vulnerabilities inherent in medical devices is the first step toward effective protection.
- More often than not, security is an afterthought in device manufacturing. Security capabilities are not prioritized in the device’s initial development and design phase. Therefore, devices are engineered without the required hardware and software to support essential security functions, such as authentication.
- Many off-the-shelf medical devices run outdated and unsafe software versions and are not updated or patched regularly, leaving vulnerabilities open for exploitation.
- The use of weak authentication mechanisms and flawed authorization frameworks provide hackers easy access to the network. Lack of strong authentication is one of the primary root causes of ransomware attacks in healthcare, where malicious actors encrypt data or files (including encryption keys), holding critical information hostage until a ransom is paid.
- The lack of robust encryption makes it easy for attackers to compromise devices and steal sensitive data.
- The lack of reliable means to validate firmware or software updates increases the risk of software supply chain attacks. Firmware or software corruption can occur due to vulnerabilities introduced in the software supply chain, and the inability to detect them can cause large-scale security breaches.
How PKI Can Help Ensure the Security and Integrity of Connected Medical Devices?
Mitigating security risks associated with medical devices requires a holistic approach that can help safeguard the devices and their data without introducing bottlenecks in delivering healthcare services.
Given these requirements, Public Key Infrastructure (PKI) has emerged as an effective solution for medical device security. Founded on the basis of identity, PKI has been foundational for internet security for decades, ensuring safe network access and secure and encrypted online communications. It is now considered a powerful and sustainable security solution for meeting the device and data security requirements and establishing digital trust in healthcare devices.
How PKI helps Secure Medical Devices?
- Device Identification
The first step to protecting medical devices is establishing the means to identify them and ensure they are trustworthy. IoT vendors can embed PKI certificates (X.509 certificates) issued by a trusted root CA into medical devices right off the assembly line. Assigning each device with an immutable trusted identity (certificate) at the time of manufacturing helps monitor and manage medical devices throughout their lifecycle, providing traceability and auditability. When a device is no longer in use or is compromised, PKI certificates can be revoked to prevent the device’s future access to the network, mitigating the risk of counterfeited, spoofed, unauthorized devices. Additionally, when a suspicious duplicate certificate is detected, the PKI system can revoke all instances of the duplicate certificate across various devices, preventing it from being trusted. Additionally, when a duplicate certificate is detected, PKI can be configured to disable all devices using the certificate to prevent duplicates from being trusted by other devices, applications, or services to minimize the risk of a compromise and ensure patient safety.
- Device Authentication
As mentioned earlier, the healthcare ecosystem consists of various in-house and partner-owned medical devices, applications, tools, and services that need to talk to each other. To ensure secure connections, when two devices on the network want to communicate with each other, both devices can be enabled to verify each other through mutual authentication using their respective digital certificates. A valid certificate issued by a common root of trust is an indication of the integrity of the operating system and application on the device. Enabling PKI-based mutual authentication ensures that only authorized and trusted devices can connect to the network or talk to each other, reducing the risk of unauthorized access and data breaches.
- Data Encryption
Connected medical devices collect and process patient data to provide crucial insights and help make informed decisions. If the data isn’t accurate or reliable, it cannot be used. Hence, it is critical to ensure that the data collected by these devices is confidential and unaltered while it is stored or being transferred. To help achieve this, PKI provides end-to-end data encryption. Using the combination of a private key and a public key, data both at rest and in transit can be encrypted to maintain data integrity and confidentiality. As asymmetric keys come with a minimal footprint, they are well-suited for devices with limited computing resources.
- Code Signing for Workload and Firmware Security
Ensuring that the firmware initiates in a trusted state, free from tampering, is crucial to guard against vulnerabilities. PKI lends itself to this need with code signing or firmware signing. Signed firmware guarantees the authenticity of the firmware, assuring users that the software on the device is valid and safe to use. It also limits an attacker’s ability to do unauthorized modifications to the firmware. In addition to performing a secure boot, upgrading firmware securely is vital for maintaining system health. PKI helps establish strong access controls and systemic live policies for secure over-the-air and internet upgrades.
- IoMT Compliance
Considering the sensitivity of data medical devices collect, store, and process, the medical device industry is highly regulated worldwide. The FDA, EU Medical Device, ISO 13485, ISO 14971, and IEC 62304 are some of the major regulations and security standards that have set stringent guidelines for the safety, security, and efficacy of medical devices. Complying with these regulations is essential to stay secure and avoid penalties.
In 2023, the FDA (Food and Drug Administrator, USA) published detailed cybersecurity guidelines to help manage medical device security. Securing devices by design, implementing authentication, data encryption, and firmware protection, and ensuring regular device upgrades are some of the key measures that the FDA advocates under “Implementation of Security Controls” in the new guidance.
PKI helps meet these regulatory requirements by helping implement strong authentication for trusted access, end-to-end encryption for secure device communications, and code signing for firmware and software integrity. With automated PKI solutions, organizations can also enforce a uniform PKI policy and role-based access control to ensure all medical devices have valid identities and run the latest, thoroughly vetted software/firmware versions for industry-standard OT compliance.
Securing Medical Devices is A Collective Responsibility
As the adoption of connected medical devices increases, security threats get more real. Protecting these devices from cyberattacks is not an isolated task; it requires a collaborative effort from healthcare providers, device manufacturers, regulators, and cybersecurity professionals. The stakes are high, involving the safety and well-being of patients, the confidentiality of sensitive data, and the overall trust in healthcare systems. By adopting robust cybersecurity measures, such as PKI-based authentication, encryption, and code signing, the healthcare industry can leverage the benefits of technological innovations in enhancing patient care without compromising security. It’s not just about protecting devices; it’s about safeguarding the foundation of healthcare itself.
How AppViewX Can Help Safeguard Connected Medical Devices
There is more to PKI than just provisioning digital certificates. Managing the lifecycle of digital certificates efficiently is essential to securing medical devices throughout their lifecycle. However, this can be challenging due to the sheer number and diversity of devices. Ensuring proper issuance, distribution, renewal, and revocation for each certificate associated with a device can become a complex and error-prone process.
AppViewX CERT+ is a ready-to-consume, scalable certificate lifecycle management (CLM) solution that automates all certificate processes end-to-end. You can discover, inventory, monitor, and automate the complete certificate lifecycle including medical device certificates, all through a central console. By providing visibility, control, and insights, AppViewX CERT+ simplifies and automates certificate lifecycle management across the complex IoMT landscape and helps mitigate outages and cyber threats. Additionally, it helps simplify and fortify IoMT security by providing:
- Automated enrollment and provisioning of device identities
- Certificate lifecycle management through mobile device management (MDM) products
- Certificate lifecycle management through the AppViewX CERT+
- Code signing or firmware signing for secure boot
- Robust policy and compliance enforcement engine