Crypto-agility key to securing connected medical devices


By Ellen Boehm, Senior Director of IoT product management at Keyfactor.

Connected medical devices are an important tool for medical practitioners leaning into telehealth through the COVID-19 pandemic. Real-time data relay and visibility are vital, helping healthcare providers manage chronic conditions, maintain accessibility, improve outcomes and reduce the overall cost of care.

With patient health on the line, keeping connected devices secure is mission critical. Security isn’t static; manufacturers need to continuously update not just the software on a device, but the security measures used on the device as well. Patients and providers count on manufacturers to build devices that can be trusted out-of-the-box and through end-of-life.

Many internet of things (IoT) devices in healthcare lack proper authentication – the method of allowing access to only trusted apps, users and systems. The result puts devices at risk of data breaches or device hacking, causing direct harm to the patients and healthcare providers that depend on the device operation and its uptime.

With no clear-cut set of IoT security standards to reference, industry experts recommend using public key infrastructure (PKI) and digital certificates as an effective way to securely authenticate devices without compromising interoperability. PKI is a battle-tested tool used in IT to manage the digital certificates and keys that protect digital identities associated with people, applications and devices.

Unique device identities provide mutual authentication as the device attempts to connect to gateways, update servers or other devices – without the need for static passwords or tokens. Digital certificates provide device makers with a method to communicate securely with devices even after they’ve been deployed into the ‘wild’.

Security starts at design

Pre-pandemic, device makers and industry regulators worked to implement measures that would ensure security is built into the device at design and sustained through its lifecycle. Building crypto-agility in at device design is becoming a foundational best practice. Historically, if a healthcare device failed, the entire fleet would be recalled for update or repair – a time-consuming and inefficient process. In the case of a full fleet recall, making sure all products were properly updated was difficult.

Today, building with crypto-agility means that cryptography on a device can be changed out or updated remotely and securely if it depreciates over time. In combination with PKI, device tracking and cybersecurity incident management become simpler, giving manufacturers the ability to respond to and address issues and long-term threats immediately.

When designing a security architecture and ideal-state platform for IoT devices, manufacturers can start with eight basic cryptographic considerations:

    1. Engage the product team that owns the vision and understand where the device will be two, five, ten years from activation.
    2. Stay ahead of expired certificates and outdated keys or algorithms that could put the security of your devices and safety of patients at risk.
    3. Create a plan to manage how these devices will migrate to new keys and algorithms as they become available, and within a reasonable timeframe to limit downtime of devices.
    4. Ensure compatibility with a variety of cloud environments for credential, certificate, symmetric key and signing vault storage.
    5. Manage distributed and global manufacturing facilities to ensure the same security standards and protocols are adhered to.
    6. Employ multi-factor authentication at device activation and commissioning for identity confirmation.
    7. Control unconnected devices or devices outside network range using mobile devices as a secure gateway. This is an important step to establish a trusted gateway to marshal data to the IoT cloud.
    8. Implement a crypto key management system to connect the ecosystem across IoT, cloud, the gateway and the manufacturing device. This system helps manage all applications within the ecosystem, enforces permissions for people interacting with the systems and maintains an audit trail supporting compliance requirements.
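
One way to act on considerations 2 and 3, as an added example (not code from the author or Keyfactor): a policy-driven audit over a certificate inventory that flags devices needing renewal or migration. The record fields, policy thresholds and device names are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy values for illustration; take real ones from your crypto standard.
POLICY = {
    "renew_window": timedelta(days=90),          # renew before this much life is left
    "deprecated_sig_hashes": {"md5", "sha1"},
    "min_key_bits": {"rsa": 2048, "ec": 256},
}

def audit_device(record, now, policy=POLICY):
    """Return the findings for one device certificate record (empty list = compliant)."""
    findings = []
    if record["not_after"] <= now:
        findings.append("expired")
    elif record["not_after"] - now <= policy["renew_window"]:
        findings.append("renew-soon")
    if record["sig_hash"].lower() in policy["deprecated_sig_hashes"]:
        findings.append("deprecated-signature-hash")
    minimum = policy["min_key_bits"].get(record["key_type"].lower())
    if minimum is None:
        findings.append("unknown-key-type")      # fail closed on unlisted key types
    elif record["key_bits"] < minimum:
        findings.append("weak-key")
    return findings

def audit_fleet(inventory, now, policy=POLICY):
    """Map device id -> findings, listing only devices that need action."""
    report = {}
    for rec in inventory:
        findings = audit_device(rec, now, policy)
        if findings:
            report[rec["device_id"]] = findings
    return report

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample inventory (hypothetical devices, not real data).
NOW = utc(2021, 1, 15)
INVENTORY = [
    {"device_id": "pump-0001", "key_type": "ec", "key_bits": 256, "sig_hash": "sha256", "not_after": utc(2024, 6, 1)},
    {"device_id": "monitor-0002", "key_type": "rsa", "key_bits": 1024, "sig_hash": "sha1", "not_after": utc(2022, 3, 1)},
    {"device_id": "glucose-0003", "key_type": "rsa", "key_bits": 2048, "sig_hash": "sha256", "not_after": utc(2021, 2, 20)},
    {"device_id": "gateway-0004", "key_type": "rsa", "key_bits": 2048, "sig_hash": "sha256", "not_after": utc(2020, 12, 31)},
]

if __name__ == "__main__":
    for device, findings in audit_fleet(INVENTORY, NOW).items():
        print(device, ", ".join(findings))
```

Because the thresholds live in the policy rather than in the code, raising a minimum key size or deprecating a hash changes the migration list without touching the audit logic.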

In many cases, IoT devices are not constantly connected to the internet but have only an intermittent connection. Whether online or offline, a trusted connection and/or intermediary is needed for field maintenance or interval repairs.

No device is hack proof, but adoption of cybersecurity best practices in design and development gives device makers the ability to drive innovation while mitigating the risk of emerging threats, especially as connected medical device usage rates climb in a post-COVID world.

About the author:
Ellen Boehm has over 15 years’ experience in leading new product development with a focus on IoT and connected products in lighting controls, smart cities, connected buildings and smart home technology. Currently, she is senior director of IoT product management at Keyfactor, a leading provider of secure digital identity management solutions. There, Ellen leads the product strategy and go-to-market approach for the Keyfactor Control platform, focusing on digital identity security solutions for the IoT device manufacturer market. For more information visit:
