Securing Mobile Medical Applications and Devices from External Threats

According to the Identity Theft Resource Center, the first eight months of 2016 has seen 584 total breaches with more than 20,500,000 records exposed. What’s perhaps more alarming is the fact that 58 percent of the total breaches have been in the medical/healthcare category. So that’s the bad news!

The good news? The medical industry has seen significant progress delivering cutting edge medical devices such as heart monitors and implantable insulin pumps and sleep devices that automatically monitor a patient’s status, deliver potentially needed real-time treatment, and collect data that can be used by medical personnel to improve patient outcomes.

The manufacturers of these medical devices can use specialized hardware and software to secure these actual devices from outside threats – malware and ransomware – but more often than not, these devices rely on applications and mobile platforms to communicate this data and other medical signals to the doctors and medical staff. These operating systems (such as Android) become the weak link or backdoor to an otherwise secure system. So that’s also the bad news!

The good news? The FDA has recently released guidance designed to provide a framework for the management of cybersecurity in medical devices. The draft guidance goes into great detail, but the key points are:

  • Device and application creators need to incorporate security elements consistent with the NIST Framework for Improving Critical Infrastructure Cybersecurity: Identify, Protect, Detect, Respond, and Recover.
  • Incorporate detection mechanisms into their device design and device features to increase the detectability of attacks and permit forensically sound evidence capture.
  • Design the devices to ensure that risks inherent in remediation are properly mitigated including ensuring that the remediation is adequate and validated and that the device designs incorporate mechanisms for secure and timely updates.

How about some more good news? whiteCryption’s enterprise-level solution, Cryptanium, has two main components that can help medical device manufactures introduce the security needed to prevent malware threats like ransomware. The first is Cryptanium Secure Key Box, a white box cryptographic library that implements standard cryptographic algorithms in a way that completely hides the keys. The second is Cryptanium Code Protection, a comprehensive tool for hardening software applications on multiple platforms. These two components work together to increase security protection against these types of malware threats.

whiteCryption designed Cryptanium for application developers who need to add tamper resistance and self-defense mechanisms to apps running in threat-rich environments, such as Android. The connected world we live in today goes beyond computers and mobile devices to automobiles, home appliances and medical devices and applications; the security solutions that we rely on need to work harder to protect the people that rely on these devices.