Secure SW-Development for Medical Devices

Cybersecurity for connected medical devices and medical device software

Heilbronn University of Applied Sciences (HHN), Faculty of Computer Science

Nowadays, more and more diagnostic and therapeutic functionality are realized „in silico“: software becomes a medical device. Medical devices are regulated worldwide in order to ensure safety, reliability and effectiveness. Another big trend is interconnectivity of medical devices. Unfortunately, this gives attackers the opportunity to exploit existing vulnerabilities. Therefore, regulatory agencies worldwide consider security more and more as an integral part of the product lifecycle. Many software-based medical devices do not have adequate security precautions, e.g. implantable pacemakers and insulin pumps (Rios and Butts, 2018). This module addresses these shortcomings and enables learners to build secure software for medical devices.

Target Group: Master’s students in medical informatics and medical engineering.

Learning Objectives: In this module, security measures and activities for each phase of the software development cycle are presented, discussed and practiced using an example from the field of "medical device software". Topics covered include:

  • Secure SW development cycle (e.g. the Microsoft Secure Development Lifecycle)
  • Specification of security requirements, misuse cases and attack trees
  • Threat modeling and best practice countermeasures
  • Risk-based assessment of threats (e.g. according to the OWASP Risk Rating Methodology)
  • How to implement security in requirements analysis, design and on code level
  • Common vulnerabilities, basic security design principles and best security practices
  • Hacking of vulnerable applications
  • Secure implementation of critical software building blocks (e.g. 2-factor authentication) that are frequently required
  • Security tests
  • Secure SW deployment, secure operation and post-market security

Embedding: The module is embedded in the cooperative “medical informatics master’s” program, jointly realized by Heilbronn University and Heidelberg University started in 1972 and having more than 1.800 alumni.

Bibliography: Rios, B., and Butts, J. (2018). Understanding and Exploiting Implanted Medical Devices. Black Hat USA 2018, Las Vegas, Nevada, USA.