From risk to security – cyber security success strategies for medical devices
Cyber security has gained significant importance in medical engineering in recent years. This is mainly due to the fact that medical devices are becoming increasingly connected. While this creates potential, it also presents complex challenges. The safety of patients, the security of their data, and data integrity are now key topics closely linked to cyber security. At the same time, regulatory pressure on distributors is increasing, requiring their products to not only operate effectively and reliably, but also to be protected against cyber threats. In the future, it will therefore be essential for them to firmly integrate cyber security into development and operational processes in order to both comply with legal requirements and maintain patient trust.
In this article, we take a look at possible solutions and strategies that can ensure the security and integrity of medical devices in the long term and that have proven to be effective in practice.
Identify. Evaluate. Act.
By far the most important measure for ensuring cyber security in a medical device is cyber security risk management. However, experience shows that this is often neglected or initiated too late in projects – often for budgetary reasons. This is a false economy, as the result is high costs for the subsequent implementation of additional requirements. Although standards like IEC 81001-5-1, the Medical Device Regulation (MDR), and US FDA guidelines exist, detailed guidance for practical implementation often remains insufficient. It is therefore crucial for companies to precisely define the requirements in their processes to ensure a systematic approach and traceability. The majority of notified bodies now expect most of the activities required by IEC 81001-5-1 to be implemented, as is increasingly evident in audits, even though the standard's harmonization in the EU has been postponed again by an additional four years.
A cyber security risk management process that provides a clearly structured approach for identifying, evaluating and handling risks is therefore recommended. This begins with the identification of risks, where the STRIDE methodology (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) can be applied. This methodology makes it possible to systematically identify potential threats by creating data flow diagrams, and thus perform a comprehensive yet efficient risk analysis. Audit practice shows that a systematic approach is a basic prerequisite for gaining acceptance from notified bodies.
After identification, the identified risks are assessed using a risk matrix. For this, ITK Engineering uses a method based on the Common Vulnerability Scoring System (CVSS) to provide a quantitative assessment of risks in terms of their likelihood of occurrence and potential impact. This classification is essential for evaluating risk acceptance and defining risk mitigation measures in a targeted manner. Appropriate risk control strategies are developed for risks that are deemed unacceptable. These risk-mitigating measures are integrated into the medical device and its infrastructure to ensure the safety of the device.
Another important aspect of the risk management process is the use of multiple identification techniques. Since no single method can guarantee complete coverage of all potential risks, it is advisable to combine various approaches. In addition to the STRIDE methodology, a CVE scan of the software components used can be performed to identify, assess, and specifically address known vulnerabilities in the technologies employed.
Detecting the last security vulnerabilities
Another essential component for ensuring cyber security is penetration testing (pentesting for short). This is a methodical security check designed to specifically detect vulnerabilities in a product and is explicitly required by the IEC 81001-5-1 standard.
The primary goal of pentesting is to identify potential vulnerabilities that may have been overlooked despite careful risk management and secure implementation. It also provides a valuable opportunity to review the product's security from a wider perspective, which is especially useful toward the end of the development process. In practice, a combination of black-box and white-box testing has proven to be effective.
Continuously adapting and future-proofing cyber security strategies
Cyber security risk management and pentesting are indispensable in the development of medical devices. Systematic approaches and practical methods, as explained above, can be used to effectively identify and mitigate security risks. It is already evident how increasing migration to the cloud and AI-based systems will further increase the requirements for cyber security. In Europe, regulatory hurdles are also increasing with the introduction of the Cyber Resilience Act (CRA) and the AI Act (AIA). To meet these challenges, the continuous adaptation of cyber security strategies will also remain essential in the future.
Over the past decades, ITK Engineering has supported numerous healthcare companies in identifying vulnerabilities and deriving requirements aligned with the risk analysis according to ISO 14971. ITK provides engineering support regarding all mandatory and additional security activities. So if you need any assistance, please feel free to contact our Healthcare Cyber Security Specialist Dr. Joachim Wilke or directly reach out to our Healthcare team: [email protected].
Curious? Then don't miss the next issues and subscribe to our newsletter here and follow ITK Engineering.
--
2 weeks ago: Good tip!
Senior Manager and Medical Cyber Security Specialist at ITK
1 month ago: I'd love to exchange ideas! Feel free to reach out – either here in the comments or via direct message.
Sign up here for the healthcare newsletter: https://lnkd.in/eya83pJQ