As one who has been in the medical device industry for over thirty years, I have seen the evolution from stand alone medical devices and closed proprietary patient monitoring systems to the truly connected medical device. Integra Systems, Inc., started in 1997 and we have worked with companies pre ratification of IEEE 802.11b (Direct Sequence Spread SpreadSpectrum) in 1999 until present 2016. In that time we have seen the evolution of network security best practice and also the changes as part of IEEE 802.11 and security.
Proper security on any networked device, whether a wireless connected medical device or laptop, consists of the design of the network and the back end systems. Segmentation by VLAN and ESSIDs by the application makes sense from a pure networking standpoint, also one has to look ensure the proper signal strength and coverage for the intended application. Often overlooked is the utilization of WLAN Intrusion Detection Systems or IDS. IDS is the next layer to wireless cybersecurity mitigation. Any IDS should provide a complete solution set that secures both the wireless network and the mobile enterprise and the actual users. Any IDS should monitor the system 24x7, which should allow for the identification of network attacks and instantly terminate the connection to a rogue device. There also should be an extensive event library with context-aware detection engines that detect only meaningful security events. A comparison should be made of existing and day-zero threats in real time, which is then compared to the gathered historical data. The result of this real-time comparison is the ability to accurately detect all wireless attacks and anomalous behavior.
Finally, the majority if not all wireless medical device manufactures now have to conduct validation and verification and wireless co-existence testing for a FDA 510(k) submittal. Companies often test and validate with the market leaders in the WLAN space and use www.ixiacom.com considered to be the gold standard for ecosystem testing. Integra Systems, Inc, has worked with many wireless medical device companies to conduct this testing.
However, the enterprise WLAN infrastructure providers of controllers (including virtualized and WLAN access points) continue to update the firmware and software. The changes in this technology, evolve many times faster than the changes in the medical device space. To keep up with the challenges of security, the enterprise companies evolve along with IEEE 802. 11 standards. It is recommended that validation and verification testing for security and quality of service be continuous for the wireless-enabled medical device. This will ensure that the wireless enabled medical device is kept current with the changes in the enterprise that are addressing the changing security requirements.