IEEE, a professional association of engineers in multiple industries including healthcare, has issued guidance to help software developers establish a baseline of security for software development and implementation of medical devices.

The goal is to reduce or eliminate security vulnerabilities that could enable unauthorized persons to access the devices. “Most exploited vulnerabilities are due to accidental implementation errors that can be avoided or significantly reduced through the use of specific programming languages and automated tools for checking software,” according to an IEEE announcement.

And that is the starting point for this first iteration of guidance—to rule out the most common vulnerabilities during the implementation phase, says Carl Landwehr, co-author of the guidance and a research scientist at the Cyber Security Policy and Research Institute at George Washington University.


The guidance covers a range of coding elements intended to avoid/detect/remove specific vulnerabilities, assure proper use of cryptography, assure software and firmware integrity, impede attacker analysis or exploitation, and enable detection and attribution of an attack, among other functions.

For instance, to validate firmware and software updates, the developer resources required include a signing key, protection for that key, and the means to compute and store digital signatures for the updates produced.

The guidance, “Building Code for Medical Device Software Security,” is available here.

This article courtesy of Information Management's sister brand, HealthData Management.
