What DTSec Means for Portable Medical Devices and Diabetes Management
With cybersecurity playing a more significant role in patient safety, it’s become one of the primary concerns in the development of wireless medical devices. In 2022 alone, the Health Insurance Portability and Accountability Act (HIPAA) Journal reported 707 data breaches of 500 or more records. During this period, IBM estimated the average total cost of a healthcare-related breach at $10.1 million. Today, it’s more common to see cybercriminals applying a combination of sophisticated, simultaneous information technology (IT) and operational technology (OT) attacks. Further exacerbating the problem, ransomware-as-a-service is becoming a more standard, professional service.
Security vulnerabilities in healthcare are putting people at risk. While designing with wireless functionality has improved the transfer of information and expanded the benefits of medical devices, it requires additional security measures.
Adopting Cybersecurity Guidelines for Wireless Medical Devices
The U.S. Food and Drug Administration (FDA) imposes increasingly stringent certification requirements for cybersecurity in medical device design, so adhering to these measures requires a holistic approach. The Consolidated Appropriations Act dictates that all medical device submissions must include detailed cybersecurity plans, and failure to do so results in rejection.
Silicon Labs’ portfolio includes SoCs that are uniquely suited to support medical device designers:
- EFR32BG27 (BG27) wireless SoCs offer an ultra-small WLCSP package (2.3 mm x 2.6 mm) capable of running on button cell batteries. The BG27 Bluetooth SoC features an integrated DCDC boost that allows operation down to 0.8 volts, enabling support for batteries that are typically used in medical applications for patches and continuous glucose monitoring (CGM) devices. Target applications include connected and portable medical devices, wearables, sensors, switches, smart locks, and both commercial and LED lighting.
- EFR32BG22 (BG22) Bluetooth low energy (LE) wireless SoC solutions offer best-in-class, ultra-low transmit and receive power (4.1 mA TX at 0 dBm, 3.6 mA RX) and a high-performance, low-power Arm® Cortex®-M33 core (27 µA/MHz active, 1.2 µA sleep). Target applications include Bluetooth mesh low-power nodes, smart door locks, and personal healthcare and fitness devices.
Silicon Labs Custom Programming Services
In-house Custom Part Manufacturing Service (CPMS) allows secure provisioning of several highly advanced features including:
- Secure Boot/Debug
- Encrypted OTA
- Public/Private/Secret Keys
- Secure Identity Certificates
Custom features are injected during testing and assembly, which eliminates the need for third-party programming. Silicon Labs’ dedicated security team is prepared to consult on secure lifecycle development and provide a fast, cost-efficient alternative to traditional flash programming.
Cybersecurity in Diabetes Management Devices
Potential threats to the flow of information and device commands can compromise medical device function and, by extension, patient health. Maintaining the CIA triad (i.e., confidentiality, integrity, and availability) for health data and connected devices requires thoughtful cybersecurity plans.
The Diabetes Technology Society (DTS) has taken an aggressive position on cybersecurity in diabetes management with its Standard for Wireless Device Security (DTSec). DTSec was developed with input from the FDA and U.S. Department of Health and Human Services (HHS), and it will likely form the basis for the FDA’s official guidance.
First and Only DTSec-Compliant Chipset for Diabetes Management Devices
As a leader in IoT security, Silicon Labs worked with the DTS to have the first—and only—DTSec-compliant ICs on the market. With EFR32BG27, device designers stay ahead of FDA standards throughout their product’s lifecycle. Silicon Labs’ EFR32BG Series 2 Bluetooth ICs feature the highest level of Security Evaluation Standard for IoT Platforms (SESIP) certification possible to ensure robust and reliable resistance to hardware and software attacks. The SESIP certification includes IEEE 2621, the IEEE connected standard for medical devices in diabetes management. Evaluation reports are available upon request.
EFR32BG features include:
- Series 2 Bluetooth LE SoC with SESIP Level 3 certification based on ISO Common Criteria
- Limited physical attacker resistance
- Software attacker resistance
- Isolation of platform
- Unbreakable TRNG
EFR32BG also includes Secure Vault to protect against attack vectors. Secure Vault offers a secure processing environment (SPE) for both hardware and software, anti-tamper, and counterfeit prevention via secure attestation and certification injection.
Through Secure Vault, the EFR32BG is also backed by:
- True Random Number Generator (TRNG)
- Secure/Crypto Engine
- Secure Boot w/ RTSL
- Secure Debug
- Secure OTA
- Differential Power Analysis (DPA) Countermeasures
For more information on our DTSec-certified SoCs, read our materials on secure wireless connectivity for portable medical devices or reach out to a Silicon Labs representative.