Medical Design Briefs is reporting from the Design of Medical Devices Conference 2019. Send us your questions and comments below.

The way forward in developing rigorous cybersecurity is “designing security in from the get-go,” says Kevin Fu, associate professor at the University of Michigan. Fu made his remarks in his keynote presentation at the Design of Medical Devices conference at the University of Minnesota in April 2019.

“Trying to bolt security on after the fact — just like safety — is hard,” he says, emphasizing that it is essential to get it in “not just at the specification stage, but as you are white boarding and thinking about what are the risks that come into play.”

“We had a report a couple of years ago where we were questioning the research methods of a report claiming security problems in a cardiac implant. We found the experiments did not rise to what we considered to be a standard of scientific inquiries,” says Fu. “Had that report been done with more rigor, there would have been a lot more information on what was secure and what wasn’t.”

He says that one of the easiest approaches to cybersecurity is to create software updates but notes that those also have a risk. “You used to get dialog boxes, but now updates are happening in the background. And software updates are not a panacea. A few years ago, McAfee had a software update for their antivirus product. It misclassified a critical part of the Windows operating system and quarantined this critical part of the system,” says Fu. Hospitals across the world were affected. “This automated process caused all of these computers to fail.”

Fu also thinks antivirus software is counterproductive. “It’s just not effective anymore because there are so many viruses out there. What you do is design your software to be more resilient, then you don’t have to worry about viruses. But because we are still living with legacy software, we will have continued risk of computer viruses, he explains.

Designing for the Future

“My biggest fear is anything involving closed-loop feedback with sensors,” says Fu. “We hand off the decision making from a patient to a clinician to a computer, if it’s completely reliant on the integrity of a sensor, we run the risk of doing the wrong thing.

“For the next 10 years, I’m very concerned about the integrity of the sensors in these devices. If you can’t trust the data the sensor is telling you, you’re not going to be able to take action.” Fu says that some of the gaps are essentially basic hygiene — equivalent to hand washing. One challenge, he says, from an engineer’s standpoint is to be sure not to design a security solution that will interrupt clinical workflow.

Fu says that assuming the components can all fail from a security risk, it’s how medical device designers build reliable systems from unreliable components. “Some of the tools in our defensive arsenal include cryptography, better specifications, risk modeling, and threat modeling. Threat modeling is really important: What are the risks and what kinds of threats are you trying to protect against? Until you’ve got your threat model right, you’re not going to have be able to design your device in a scientific way.”