As medical technology becomes more connected, ensuring the security of medical devices is vital. Technology advances, bringing new opportunities for innovation and to improve the lives of patients — but emerging technology also presents opportunities for malicious actors. Medical device developers must balance staying at the forefront of innovation, maintaining regulatory compliance, and addressing ethical and privacy concerns while ensuring software vulnerabilities are quickly identified and fixed as the code is being written.
Here, we share some of the insights from our new Cybersecurity Trends for Medical Devices Report. Get an overview of the key findings, from top concerns to cybersecurity trends and more.
[toc]
Medical Device Cybersecurity Trends in 2023: Key Findings
For our new report, we surveyed 100 medical device professionals from a variety of healthcare industries.
We asked about their top challenges in developing secure medical devices and the tools and processes they use. We also wanted to know if their software requires compliance with standards, and the trends and technology that may impact their approach to security down the road.
Here are some key findings from the report:
- Adhering to the FDA Cybersecurity Guidelines and developing/maintaining secure code in apps connected to medical devices were the most difficult challenges facing teams today.
- Delayed releases caused by software issues found during testing was a top concern.
- Complying with IEC 62304 is critical for many software development teams.
- Health monitoring systems are among the emerging technologies that may have the greatest impact on cybersecurity for medical device software development.
We dive into all of these findings in the full report, which you can download for free. For now, here is a quick look at some of these key findings.
Top Challenges: FDA Guidance and Secure Code in Apps
A few challenges were equally significant in the report's findings. Forty-two percent of respondents said that adhering to the FDA Cybersecurity Guidelines is their most significant challenge to medical device cybersecurity, while another 42% said that developing and maintaining secure code in apps connected to medical devices was the greatest challenge. These were followed closely by developing/maintaining secure embedded code in medical devices.
The FDA guidelines have several phases and can be rigorous, so it is not surprising that this is a top concern among medical device professionals. Static analysis tools — like Helix QAC and Klocwork — can help ensure and maintain a medical device's cybersecurity as well as demonstrate compliance with FDA cybersecurity guidance.
#1 Pain Point: Delayed Releases
Delayed releases caused by software issues found during testing was the #1 pain point for all our survey respondents (55%). This is a common concern for most industries, and it's especially important to get it right for medical devices that impact systems used for healthcare purposes.
Development teams who adopt a shift-left mentality can catch errors early in the SDLC, enabling them to identify vulnerabilities and fix errors prior to testing and long before the software is released.
Developing Standards-Compliant Software
Most respondents said that they are required to comply with IEC 62304, which the FDA recognizes as supporting existing regulatory policies.
Some respondents said that they also comply with CERT, MISRA, and AUTOSAR, which help improve code from the start.
However, surprisingly few respondents indicated that they have requirements to use a coding standard, and 25% don't have any compliance requirements at all. This is concerning when it comes to the quality of medical device software — even if older medical devices to not have connectivity (and therefore no requirement for cybersecurity checks), they still need to consider safety.
We expect compliance requirements to increase over the next several years as connectivity increases and global regulations continue to evolve.
Medical Device Cybersecurity for Emerging Technology Trends
Health monitoring systems were identified by 48% of respondents as the emerging technology that will have the greatest impact on the security of medical devices. This could be because health monitoring systems tend to have the most stringent cybersecurity requirements.
Respondents also identified automated diagnostics as a top emerging trend. While wearables, AR, and robotics are not likely to have a big impact (yet), this is likely to increase in the coming years, especially as, according to Amstat News, AI algorithms and the clinical uses of AI in medical devices are anticipated to grow.
Ensure Medical Device Software Security with Klocwork and Helix QAC
Static analysis helps developers mitigate potential security issues in medical device software as the code is being written. An industry standardized static code analyzer tool like Perforce's Helix QAC and Klocwork enables teams to identify security vulnerabilities and accelerate standards compliance.
See for yourself how Perforce Static Analysis tools keep medical devices secure.
The Future of DevSecOps for Medical Devices
We asked our survey takers, when do you plan to reevaluate your approach to DevOps security?
Cybersecurity is of high importance to healthcare professionals. More than half of those surveyed said they plan to evaluate their DevOps security position within the next year-and-a-half.
While the rest of the respondents don't have "specific plans" for ensuring the security of medical devices, they would reconsider if there was demonstrated value in a potential change — which is likely to happen with more frequency as more medical devices become connected and have mandated security requirements.
Get the Full Report for Medical Device Cybersecurity Trends & Insights
For further details and actionable insights on medical device cybersecurity trends, download a full copy of the Cybersecurity Trends for Medical Devices Report for free.