Connecting medical devices can be a great benefit to society. For example, the MRI machine used to scan a patient’s back can immediately transmit the images to the doctor in their office for immediate analysis and diagnosis. A connected heart rate monitor can add tremendous value to a doctor as it captures and detects transient conditions that may not be apparent from a single EKG scan. A connected glucose meter can continuously track a patient’s blood glucose levels and can be connected to an insulin delivery device. A mood/depression monitor can be used to track the fluctuating physical states, which can be used to interpret the ongoing mental state.
Proposed growth areas for IoMT (Internet of Medical Things) include connected inhalers, digestible sensors, connected contact lenses and robotic surgery. According to a report by Insights into the Fortune businessthe IoMT market was nearly $72 billion in 2020. Rising popularity of remote patient monitoring and smart wearables is expected to propel the IoMT market to $176 billion by 2026 and $446 billion by 2028.
Threats introduced by IoMT
As defined in ISO 14971, Damage there is injury or damage to health of persons or damage to property or the environment and a Danger is a potential source of damage. IoMT brings with it a new set of threats. Any IoMT device that can have an effect on a user/patient, e.g. B. the introduction of energy (e.g. pacemaker) or the delivery of chemicals (e.g. insulin delivery) carries the risk of a malicious agent taking control of the device, with potential direct impact on physical well-being of the user/patient.
An even more insidious risk is the possibility of a fraudulent agent gaining access to a device or medical software system (such as an electronic medical record system) and retrieving sensitive patient information, such as medical or financial information. Because the ultimate damage can affect a patient’s finances or medical records, the risk of physical injury is much lower. The trick, however, lies in the potential temporal discontinuity between injury and effect, and the potential for attacks on many victims.
Mitigating IoMT threats through risk management
The threats posed by IoMT products must be mitigated through an effective risk management process. Since IoMT products inevitably contain software, the applicable risk management processes reflect the software security classification. According to IEC 62304, all software in medical devices is assigned a classification based on the severity of damage that can be caused if the software does not perform as specified. The most severe classification, Class C, is assigned to software capable of causing death or serious injury, and Class C is the default classification unless otherwise justified.
One technique for reducing software classification, and thereby reducing the associated documentation and risk management effort, is to reduce the likelihood of occurrence by implementing a hardware risk control. Unfortunately, implementing a hardware risk mitigation measure to reduce risk in the IoMT is quite difficult, if at all possible, due to the multi-tiered software stack structure used for Internet communications. Therefore, developers of IoMT products must be prepared to perform software risk management that conforms to Class C software classification.
Risk mitigation in IoMT product development
Medical device manufacturers can minimize risk by:
- risk management planning: Development of a risk management plan that defines the risks to be managed and the process by which they are managed. Planning usually occurs before product design, concurrently with the development of product requirements.
- Risk assessment: Application of various risk assessment methods, including Failure Modes and Effects Analysis (FMEA); Failure Mode, Impact and Criticality Analysis (FMECA); hazard analysis; fault tree analysis; event tree analysis; and root cause analysis. The data compiled during the risk assessment process is stored in a dedicated database to ensure traceability and completeness. The culmination of each risk assessment cycle is a summary report that identifies the most critical risks.
- Risk mitigation and monitoring: At each iteration of the risk assessment, apply mitigation strategies to the most significant risks. Critical to the risk management process is the documentation of the risk assessment and resulting mitigation strategy, captured in formal risk management reports.
As medical devices, IoMT products require effective risk management (according to ISO 14971) and a quality management system (according to ISO 13485), and they will likely also need a fully documented Class C software development process (according to IEC 62304). The complexity of these standards can present a daunting challenge and specialists with background knowledge and experience are available to help navigate these standards, provide guidance and advice on how to carry out the required processes and develop high quality documentation that meets regulatory requirements.