The Diabetes Technology Society recently announced its new cybersecurity standard for interconnected diabetes devices, called DTSec. The standard specifies performance requirements utilizing the ISO/IEC 15408 framework used to define security requirements on “smart” medical devices. DTSec is initially targeted at networked devices, such as continuous glucose monitors and wireless insulin pumps, but the group says there is nothing inherent in it to preclude its application to any other medical product or component.
In fact, the Diabetes Technology Society believes that DTSec can provide “foundational work for effective cybersecurity standards across not only other medical device classes, but other connected devices and the broader ‘Internet of Things.’”
Objectives include establishing the general requirements for connected devices that meet the balanced needs for security and clinical application; identifying possible and potential threats related to components and interfaces of the connected devices, such as network, storage, software, connected peer devices, and cryptography; and outlining additional optional functional requirements for manufacturers to consider adding to their toolbox for future development.