Connected medical devices, also known as IoMT (Internet of Medical Things), can dramatically improve patient health while minimizing the potential for harm. Infusion pumps illustrate this in a stark fashion. In 2010, Reuters reported more than 50,000 incidents related to legacy infusion pumps, including 710 deaths. Among the cases cited was a woman who received “10 times the dose of a blood thinner because the zero key on her pump stuck.” Thankfully, a smart infusion pump can make such distressing incidents a thing of the past. These pumps can deliver accurate doses of medication, remotely monitor patients and adapt care, integrate with patient electronic health records, and issue alerts to medical staff if there is an operation failure.
This potential for more accurate and safer care is the reason the number of connected medical devices is exploding. According to Fortune Business Insights, the global IoMT market will surge to almost $188 billion by 2028, quadrupling its value from 2020. This same study predicts that 70.6 million Americans will use remote patient monitoring (RPM) solutions by 2025, a 56.5% jump from 2022.
Connected medical devices, however, create attack surfaces for cyber threats. The possibility has already been explored in popular culture. In an episode of Homeland, a terrorist hacks the pacemaker of the vice president of the United States, wirelessly increasing the rate of his heartbeat and causing a fatal heart attack. Marc Goodman, author of Future Crimes, describes how difficult it can be to investigate an attack on connected medical devices: “The evidence of medical device tampering might not even be located on the body, where the coroner is accustomed to finding it, but rather might be thousands of kilometers away, across an ocean on a foreign computer server.”
There are many other, albeit less spectacular, ways that threat actors can infiltrate IoMT. Ransomware can lock down hospital networks, preventing patient data from reaching infusion pumps. Infiltrating one connected medical device can wreak havoc on other devices that rely on it. Patient data can be compromised. A 2022 FBI report cited research showing that 53% of connected and IoT devices in hospitals had known vulnerabilities, that there is an average of 6.2 vulnerabilities per medical device, and that 40% of medical devices at end-of-life offer little to no security patches or upgrades. Given the countless connections between different devices and networks, protecting and monitoring connected medical devices with an updatable security infrastructure is essential. This is where digital trust comes in.
Digital trust ensures that we can have confidence that the interactions, processes and transactions that we undertake are secure, as discussed in the IDC report, Digital Trust: The Foundation for Digital Freedom. For connected medical devices, incorporating digital trust into a device security strategy can encompass:
Not surprisingly, implementing digital trust strategies for IoMT devices is rarely straightforward. DigiCert has worked with customers to successfully address:
Leading IoMT manufacturers choose DigiCert to embed device trust into their market strategies to achieve the promise of what connected medical devices, such as infusion pumps and pacemakers, can deliver. This spans the production of these devices in the factory to their ongoing operation in hospitals and in many cases, in patients themselves. DigiCert customers are actively embedding digital trust to centralize management, automate policy enforcement and improve user trust, and to ensure, as these devices become increasingly connected, that attack surfaces remain secure.
In contrast to competing solutions, only DigiCert Device Trust provides IoMT manufacturers a complete toolbox to handle all the complexities inherent in securing device trust. This includes the ability to connect to devices that may lack consistent connectivity, as well as the ability to integrate seamlessly with complementary devices and services. With DigiCert Device Trust, IoMT manufacturers now have a full-stack solution that protects IoMT devices from bad actors and lets them improve the lives of the patients they’re meant to serve.
As the number of attacks on healthcare providers continues to ramp up, it becomes more important than ever that IoMT device manufacturers find a way to consolidate digital trust across all their product lines. Further, in the United States, the Food and Drug Administration now requires that medical device applications provide reasonable assurance that devices are protected, including providing the FDA with a software bill of materials used by devices, and that security updates and patches be made on a regular basis and in critical situations. Digital trust architectures and strategies support IoMT device makers in meeting these market and regulatory requirements.