Digital Trust 04-12-2023

Digital Trust for connected medical devices

Robyn Weisman
Digital Trust for connected medical devices

Connected medical devices, also known as IoMT (Internet of Medical Things), can dramatically improve patient health while minimizing the potential for harm. Infusion pumps illustrate this in a stark fashion. In 2010, Reuters reported more than 50,000 incidents related to legacy infusion pumps, including 710 deaths. Among the cases cited was a woman who received “10 times the dose of a blood thinner because the zero key on her pump stuck.” Thankfully, a smart infusion pump can make such distressing incidents a thing of the past. These pumps can deliver accurate doses of medication, remotely monitor patients and adapt care, integrate with patient electronic health records, and issue alerts to medical staff if there is an operation failure.

This potential for more accurate and safer care is the reason the number of connected medical devices is exploding. According to Fortune Business Insights, the global IoMT market will surge to almost $188 billion by 2028, quadrupling its value from 2020. This same study predicts that 70.6 million Americans will use remote patient monitoring (RPM) solutions by 2025, a 56.5% jump from 2022.

Why connected medical devices can be vulnerable to cyber threats

Connected medical devices, however, create attack surfaces for cyber threats. The possibility has already been explored in popular culture. In an episode of Homeland, a terrorist hacks the pacemaker of the vice president of the United States, wirelessly increasing the rate of his heartbeat and causing a fatal heart attack. Marc Goodman, author of Future Crimes, describes how difficult it can be to investigate an attack on connected medical devices: “The evidence of medical device tampering might not even be located on the body, where the coroner is accustomed to finding it, but rather might be thousands of kilometers away, across an ocean on a foreign computer server.”

There are many other, albeit less spectacular, ways that threat actors can infiltrate IoMT. Ransomware can lock down hospital networks, preventing patient data from reaching infusion pumps. Infiltrating one connected medical device can wreak havoc on other devices that rely on them. Patient data can be compromised. A 2022 FBI report cited research showing that 53% of connected and IoT devices in hospitals had known vulnerabilities, that there is an average of 6.2 vulnerabilities per medical devices, and that 40% of medical devices at end-of-life offer little to no security patches or upgrades. Given the countless connections between different devices and networks, protecting and monitoring connected medical devices with an updatable security infrastructure is essential. This is where digital trust comes in.

Benefits of digital trust in connected medical devices

Digital trust ensures that we can have confidence that the interactions, processes and transactions that we undertake are secure, as discussed in the IDC report, Digital Trust: The Foundation for Digital Freedom. For connected medical devices, incorporating digital trust into a device security strategy can encompass:

  • Establishing device authenticity and preventing counterfeiting: Digital certificates can securely authenticate device identity, which prevents devices starting up or operating if they’re compromised.
  • Encrypting private patient data that is transmitted wirelessly or over a network: Digital certificates can ensure both encryption and integrity of data, which thwarts data theft or data tampering by bad actors.
  • Improving user trust in device safety: Secure device identity and operations can provide users with the confidence to incorporate devices that improve patient outcomes.
  • Securely integrating with other technologies that improve the accuracy of patient care: Connected medical devices can securely integrate into protected systems that automate accurate and timely delivery of medications.

The complexity of delivering digital trust

Not surprisingly, implementing digital trust strategies for IoMT devices is rarely straightforward. DigiCert has worked with customers to successfully address:

  • Intermittent connectivity at manufacturing centers: Inconsistent factory connections compel strategies that enable continuous delivery of digital certificates to parts of or to finished devices for continuous operation of the line — even during internet outages.
  • Diverse product lines with different form factors and security needs: DigiCert IoT trust solutions enable centralized approaches to digital trust management, governing multiple types of certificate enrollment and authentication needs. This ensures consistency in architecture and policy while reducing the need for highly skilled PKI experts to custom build security applications.
  • Integration with cloud services: Cloud vendors offer value-added services for IoT management (e.g., analytics); however, many require development of custom code and API integration. This can eventually lead to an unsustainable level of maintenance. DigiCert IoT trust solutions automate integrations with Azure’s IoT Hub and other cloud resources, so that development teams can focus on their work rather than on system integration.

Why IoMT manufacturers choose DigiCert to help deliver digital device trust

Leading IoMT manufacturers choose DigiCert to embed device trust into their market strategies to achieve the promise of what connected medical devices, such as infusion pumps and pacemakers, can deliver. This spans the production of these devices in the factory to their ongoing operation in hospitals and in many cases, in patients themselves. DigiCert customers are actively embedding digital trust to centralize management, automate policy enforcement and improve user trust, and to ensure, as these devices become increasingly connected, that attack surfaces remain secure.

In contrast to competing solutions, only DigiCert Device Trust provides IoMT manufacturers a complete toolbox to handle all the complexities inherent in securing device trust. This includes the ability to connect to devices that may lack consistent connectivity, as well as the ability to integrate seamlessly with complementary devices and services. With DigiCert Device Trust, IoMT manufacturers now have a full-stack solution that protects IoMT devices from bad actors and lets them improve the lives of the patients they’re meant to serve.

As the number of attacks on healthcare providers continues to ramp up, it becomes more important than ever that IoMT device manufacturers find a way to consolidate digital trust across all their product lines. Further, in the United States, the Food and Drug Administration now requires that medical device applications must provide reasonable assurance that devices are protected, including providing the FDA with a software bill or materials used by devices, and make security updates and patches on a regular basis and in critical situations. Digital trust architectures and strategies support IoMT device makers in meeting these market and regulatory requirements.

Learn more or contact for more information on solutions for IoMT.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min