Cyberattacks targeting critical medical equipment require original equipment manufacturers (OEMs) to reassess device security strategies.

At the start of 2016, the U.S. Food and Drug Administration (FDA) drafted guidance for securing medical devices, recommending that “medical device manufacturers address all risks, including cybersecurity risk,” but proposed guidelines do not cover hardware security.

Hardware hacking

One of the biggest issues facing devices across all industries is hardware hacking – when a counterfeit or grey market component is used in a device, undermining its integrity. This can range from a USB memory stick in a hospital computer carrying malware to a counterfeit battery installed in a device.

An OEM might want to consider including algorithmic security so only a battery certified by the OEM can be used in the medical device, an approach that would require consulting with a battery manufacturer early in product development.

Algorithmic security software encryption programs the certified battery with a key known only to the battery manufacturer and the medical device OEM. The device issues a random challenge to the battery and requires an immediate response based on calculations determined by its internal key.

If the battery is unable to give a correct response, the device determines that the battery is suspect and performs an OEM predetermined action. This can vary from the device shutting down, allowing discharge but not charge, or alerting the OEM of the infringement, potentially voiding the warranty.

Design considerations

OEMs often turn to a battery manufacturer with a pre-determined space in a medical device, making it difficult for battery integrators to optimize energy density and longevity.

Squeezing cells into the available space may work for cylindrical and prismatic cells housed in metal cases, but is not suitable for pouch cells that have only a thin metalized polyester material to contain and protect the inner electrodes. Any excess force, bending, or locally applied pressure can result in an internal short circuit.

Smart batteries

OEMs want batteries to deliver smart functionality while improving safety, reliability, and performance. A smart battery monitors its state of charge and only requests charging when required.

A smart battery provides accurate runtime information, accounting for many factors, including battery age, temperature, previous discharge history, and discharge rate to provide fuel-gauge accuracy up to 1% to make informed decisions about battery charging and replacement. Smart batteries also have various power modes to put themselves to sleep or shut down when being shipped, maximizing shelf life.

For safety, each series cell in a lithium-ion smart battery is protected against over-discharge and over-charge while the battery is also protected against over-current, short-circuit, and over-temperature. In addition to a primary method of protection [temporarily opening a charge or discharge field effect transistor (FET)], many smart batteries also include a one-time-use logic fuse which can be blown if the battery detects a serious fault condition.

With the wearable medical device market expected to reach $4.6 billion by 2020 – and the FDA expected to push for legal guidelines on medtech security – OEMs must consider battery safety and security as a high priority because they power critical medical devices.

Accutronics Ltd.
www.accutronics.co.uk