Case Studies Application Protection for Connected Medical Devices

Issue link:

Contents of this Issue


Page 0 of 1

Case Study | MAM + MDM: Enterprise Mobility at Scale 1 Application Protection for connected medical devices Safeguarding patients with connected pacemakers The advancement of cloud and mobile connectivity has transformed the way medical devices are utilized and data is shared with patients and medical practitioners. Unfortunately, in today's mobile-first, zero-trust world we see great advancements that also create unforeseen threats. Highlighting this threat is a recent publication "Security Evaluation of the Implantable Cardiac Device Ecosystem Architecture and Implementation Interdependencies" by Billy Rios and Jonathan Butts, PhD, that disclosed the fact that more than 8,000 known vulnerabilities could affect pacemakers and their supporting infrastructure. Medical device manufacturers need to address these threats to safeguard patients and protect their brand and financial health. An often-overlooked attack vector is the mobile app that interacts with connected medical devices. Responding to these threats the U.S. Food and Drug Administration on Dec. 27 2019 issued a final guidance addressing the cyber vulnerabilities in medical devices outlining how manufacturers should maintain security of internet-connected devices such as pacemakers and insulin pumps. The guidance was released as the FDA investigates claims that St. Jude Medical's heart devices are vulnerable to attacks that can endanger patient lives. This is a follow- on to a 2017 FDA security advisory that focused on vulnerabilities discovered in implanted medical electronics made by Abbot Laboratories. This action led to firmware updates affecting almost half a million pacemakers that were found to be at risk. A customer — one of the largest medical device manufacturers in the world and industry leading innovator — recognized the unseen threats reverse engineering poses to their mobile-based technology and took appropriate action to ensure patient safety. After an initial risk analysis, this medical device manufacturer decided to act before they became tangled up in a nightmare headline regarding patient safety. With a new pacemaker in the works that was going to use a mobile app to exchange data and treatment protocols with health care providers, the need for application protection became a clear and present requirement. Zero Trust security is a concept based on not automatically trusting anything inside or outside the business perimeter and instead stresses the need to verify everything trying to connect to any systems before granting access. I n tr u s i on p r e v en t i on F i r e w a ll M a na ge d a n ti - v i r u s M o b il e dev i c e m g m t . Enterprise infrastructure Apps at risk

Articles in this issue

Links on this page

view archives of Case Studies - Application Protection for Connected Medical Devices