Software Considerations and Security Requirements for Medical Devices

Software Considerations and Security Requirements for Medical Devices


Software has become ubiquitous in the healthcare industry given its widespread use for controlling medical devices and health information systems and communicating and maintaining electronic patient data, all in an increasingly connected environment. For embedded system developers, in particular, choosing the software best suited for the design of the medical device and its end use is critical. Options abound – use a commercial off-the-shelf product or create their own? Employ a real-time operating system or a general-purpose operating system such as Linux or Android? And, what security mechanisms will be incorporated to protect software from malicious tampering and ensure data transmission and storage?

Wind River recently published an interesting white paper, Choosing the Right System Software for Medical Devices, that explores many of the essential considerations that will help developers in making their choices. As Wind River points out in the paper, while the needs and requirement for each device will vary as will the features, functions, and capabilities, it is critical to evaluate the full range of options before making the selection. Of the many key considerations are shelf-life, easy-to-understand user interface, secure and stable communications, multi-CPU system design, connectivity, modularity and scalability.

Additionally, use of commercial vs. open source development options require careful consideration. While each has advantages and trade-offs, Wind River notes that the choice typically comes down to the completeness and sophistication of commercial offerings versus the low cost and ubiquity of open source software. From a safety standpoint, the medical device system software needs to support security features that protect against malware and also deliver secure data storage and transmission. The system software also needs to support the secure upgrade, download, and authentication of applications to help keep devices secure across an ever-changing threat landscape.

As open source software continues in popularity within the development community, commercial vendors too are focusing on software solutions that specifically address the unique challenges of medical devices. Companies like Wind River and Wibu-Systems, for example, offer integrated solutions that leverage each other’s technology expertise. With the integration of Wibu-Systems’ CodeMeter security platform with Wind River’s Security Profile for VxWorks®, the world’s most widely deployed commercial RTOS, developers of connected medical systems have access to a fully scalable solution that features best-of-breed security for device, data, and IP protection, and additional licensing management options to expand business opportunities for applications developed on the VxWorks platform. You can read a more detailed description of the joint technology in this solution brief.

Beyond functionality and security, however, medical device developers must also weigh additional economic and operational factors affecting the healthcare industry. For example, given the burgeoning costs of healthcare, developers must take into account a mandate to minimize cost per capita of each person’s healthcare while reducing the cost of the devices themselves. With expanded features and sophistication of the devices, they must be readily understandable and easy to operate by both the professional and non-professional care givers who will use them. And they must work every time.

Medical device software developers have much to consider, particularly when human lives are at stake.