In response to rising cybersecurity threats, medical device manufacturers have incorporated increasingly sophisticated ways to protect the code and data on their devices. But these methods come with tradeoffs when it comes to usability.
If security requirements make the device too difficult to use or interfere with clinical workflow, patients and healthcare workers may develop workarounds that ultimately reduce the security and safety of the device.
There is no one right answer when it comes to device security. As manufacturers make security decisions, they need to consider how security measures will impact clinical workflow or patient adherence when using the device.
Making the right choice for any security decision requires balancing three critical considerations:
No. 1: What are the Potential Consequences?
Manufacturers must first consider what is at risk if the device code or its data are compromised. Potential risks include patient safety, data integrity, data privacy and business reputation. What is the worst-case scenario? If a compromise causes the device to malfunction, how serious are the risks to patient safety? Does the device store and transmit HIPAA-protected data? Devices that could cause patient harm or death if compromised require more stringent protections than devices with less critical functions.
No. 2: What is the Probability?
Manufacturers also need to look at the likelihood that the device could be compromised. How tempting is the device to potential hackers (could they use the device to access valuable information, cause intentional harm or pivot into hospital networks)? How much knowledge would be needed to carry out an attack? Could the device be hacked by remote access or would hackers need to have physical access to the device?
Probability is more difficult to estimate for cybersecurity risks than for physical safety risks. However, the physical and software attributes of the device can be used to develop a threat profile and estimate the risk of deliberate attacks or non-directed threats.
No. 3: What is the Context of Use?
The “context of use” includes where the device will be used (home or clinical environment), by whom (patient or professional caregivers) and when and how often the device will be used.
When considering a security measure, manufacturers should first look at the end-user characteristics. How knowledgeable will the end user be? If the end user is a patient, will he have physical or cognitive limitations? Will the device be used by a single user or multiple caregivers?
Environmental factors, including time constraints, workflow patterns and the physical environment, are also important to understand. What else is happening in the environment when the device is used? How often will users need to interact with the device? Security requirements that are acceptable in a device that users interact with once per shift may become onerous if users must interact with the device several times per hour.
Safe, Secure and Easy to Use
The right balance of usability and cybersecurity will be unique to each device. Finding this balance will require an integrated approach to device development that includes security and human factors considerations from the very earliest stages of development. Involving security and usability experts at the requirements stage can help manufacturers avoid costly changes and delays later in the development process.
Learn more about Battelle’s work with medical devices and download our new white paper, “Safe, Secure and Easy to Use,” for more details on the fight between usability and cybersecurity.