Beef up security of connected medical electronics

04 Feb 2015  | Lauri Ora

The growing use of electronics in medical equipment has given rise to new safety standards. These standards, combined with the increased security requirements brought about through increased connectivity, are placing new demands on developers of medical hardware and software. Providing justification for the safety of an unsecure connected device will be extremely difficult, as potential attacks via the network connection can directly impact the safety functions. This means that both safety and security aspects have to be rigorously considered for new designs.

Over the last few years, microcontroller designers have introduced additional features specifically to help develop safety-related systems. These features are helping software developers tackle the challenges they are facing. For example, support for virtualisation in the hardware can help developers use existing, proven code alongside newly developed software without compromising the safety of the overall system.

The medical equipment industry has been adopting electronics-based safety technologies in increasingly complex designs. Infusion pumps and pacemakers that keep patients alive increasingly use safety-related semiconductor devices at the heart of their designs. As systems become connected, either to share data or for remote operation in "telehealth" applications, the security elements of the designs become as important as the safety elements. It is impossible to have safety without security. The need for safe and secure devices has therefore resulted in a wide range of safety standards that have to be considered in the development of medical equipment. In addition, there are stringent approval processes from organisations such as the FDA in the United States, or the notified bodies operating within the framework of the European Medical Device Directive.

Safety considerations for medical applications
Device designers need to contend with a range of regulations and standards when developing new products in the medical field. For example, the IEC 60601 medical electrical equipment standard covers equipment such as EEG monitors, IV pumps, imaging systems, ECG devices, vital signs monitors, and other devices that connect directly to a patient. Devices and systems not directly connected to the patient are covered by IEC 61010, including measurement, control, and laboratory systems.

For medical devices and systems, comprehensive risk management is an integral part of ensuring patient safety. For this reason, risk management conforming to the ISO 14971 standard is generally applied, which requires the identification of hazards in all device operating modes and fault scenarios. The hazard identification process needs to be systematic and thorough, and should include the electronics and software within the device or system. Analysis of identified hazards is typically done through the use of a risk matrix, which provides a mapping from expected severity of harm and probability of occurrence to the overall risk associated with the hazard. The resulting risk for each hazard is then used to determine required countermeasures, which can be design based, operational, or documentation related.

In addition, software in medical devices and systems is regulated, with two different testing approaches. IEC 60601-1 Annex H allows software to be treated as a black box component of the system, with the software functionality qualified and tested as part of the overall system. This approach is, however, challenging for complex software-based systems, so a different route also exists.

For devices with more complex software, the IEC 62304 standard is applicable. This standard classifies software in three categories, ranging from the less critical Class A to the more critical Class C (where a failure could result in death or serious injury). The standard outlines requirements at each stage of the software development lifecycle and defines the minimum activities and tasks that need to be performed to provide confidence that the software has been developed in a way that reduces the risks from potential malfunctions caused by software errors to a tolerable level.
