MEDICAL DEVICE SYSTEMS AND BLUETOOTH® WIRELESS TECHNOLOGY… · 2018-07-26 · Outline • Bluetooth® wireless technology introduction • Bluetooth benefits for medical systems

MEDICALDEVICESYSTEMSANDBLUETOOTH®WIRELESS

TECHNOLOGY:OPPORTUNITIESANDCHALLENGES

MakingMedicalDevicesWirelessintheDigitalHealthAge:Issues,Risks,andPracticalAdvice

BillSaltzstein

CodeBlueConsulting

Outline

•  Bluetooth®wirelesstechnologyintroduction•  Bluetoothbenefitsformedicalsystems•  TheMedicalInternetofThings•  Bluetoothcoexistence•  Bluetoothsecurity•  Bluetoothmedicaldeviceregulatory

07/18/18 IEEE2018EMBSconference 2

BluetoothisaregisteredtrademarkoftheBluetoothSIG,Inc.

Bluetoothwirelesstechnologyintroduction

•  Provides connectivity for all mobile platforms •  Ubiquitous •  Low power •  Low cost •  Audio & Data transports •  Good range – typically 50 feet connection to iPhone/Android

•  Operates well (cooperates) in RF noisy/crowded environments •  Fast 2.4 GHz FHSS radio (Frequency Hopping Spread Spectrum) •  Adaptive Frequency Hopping •  Error detection, retransmission, error correction

•  Bluetooth 4.0 added Bluetooth low energy transport •  Greatly improved cost/power (CFR2032 coin cell operation) •  Lower data rates, (100’s of Kbps à 1 Mbps) •  Greatly simplified communications stack •  Flexibility for custom services & profiles •  Beacons •  Mesh


TheBluetoothlowenergytechnologybasics

•  2.4(–2.485)GHz,FrequencyHoppingSpreadSpectrumtechnology•  40discretechannels,2MHzwide,psuedo-randomhoppingsequence(1600

hops/second)•  DedicatedAdvertisingchannels•  Adaptivefrequencyhopping(AFH)forcoexistence/interference•  10dBMmaximumpoweroutput;increasedforBT5•  ~50metersdependingonplatform/implementation•  ~100Kbpsrealizablethroughputdependingonplatform/implementation


Bluetoothbenefitsformedicalsystems

•  Ubiquitoussupport–itiseverywhere

•  ExcellentcoexistencewithWiFi

•  Lowcost,lowpoweroperationenablesmobileandwearabledevicesandsystems

•  Firsthoptothecloud•  PersonalAreaNetwork•  MedicalInternetofThings


•  BluetoothlowenergyGenericAccessProfile(GAP)specifiesadvertiser/scannertoestablishconnections

•  Anadvertisementcanputoutanyinformationanddoesn’trequireconnection

•  Abeaconisastructuredadvertisement– Undirectedbroadcastofdata–  ThinkUDPascontrastedwithTCP

•  Twoad-hocstandardshaveevolved–  iBeacon-iOS–  Eddystone–Google/Android

Beacons


Bluetoothmesh1.0•  Version1.0usesadvertisingandrepeaters•  “Flood”network•  Doesn’trequireBluetooth5

a

b

jc

d

f

h

i

g

ka

b

jc

d

f

h

i

g

k

Edgerouter

Edgerouter

IPbackbone


Bluetooth5•  Releasedattheendof2016•  Longrange

–  Upto4x(~200meters)–  Tradeoff:lowerspeed–  Alsohigherreliability…

•  Highspeed–  Samepower–  Tradeoff:reducedrange

•  Increasedadvertisingcapability–  Morebroadcastdata–  Advertisingondatachannelstoreducecongestion–  Chaining–  Periodicadvertising

•  Additionalcoexistencemeasures•  Alloftheaboveareoptionalandarenegotiatedafterconnectionforbackwards

compatibility


TheMedicalInternetofThingsArchitecture

Wearable:Sensors,Button,LEDs,

Rxdelivery Usage,data

Settings,Software

Patientinfo,data

Settings,Software

AI(coaching)

Usedata

EHR

Real-timePersonalCoaching/Analytics

Billing

07/18/18 IEEE2018EMBSconference

Short-range Long-range

Enterprise

AdaptedfromChronoTherapeuticssmokingcessationsolution(investigational)

Thisslidehasnotbeenreviewedorapprovedbytherespectivemanufacturer.Informationpresentedutilizespubliclyavailableinformation,butmayalsoincludefeaturesthatareincludedforillustrationbythispresenter,andarenotpartoftheactualsystem.

9

MobileorFixedgateway

InsertableCardiacMonitor•  AbbottConfirm™RXICM•  “Theworld’sfirstsmartphone-compatibleICM”•  FDAclearedOctober,2017


Thisslidehasnotbeenreviewedorapprovedbytherespectivemanufacturer.Informationpresentedutilizespubliclyavailableinformation,butmayalsoincludefeaturesthatareincludedforillustrationbythispresenter,andarenotpartoftheactualsystem.

10

Bluetoothcoexistencemechanisms

•  FrequencyHoppingSpreadSpectrum(FHSS)•  AdaptiveFrequencyHopping(AFH)•  Errorhandling

– Detection– Packetretransmission– ForwardErrorCorrection


Bluetooth-specificcybersecurity

•  Security/authenticationwithoutphysicalconnection– Spoof/mimicdataconnections– Eavesdropping

•  ManinTheMiddle(MTM)attacks(especiallyduringpairing)

•  OverTheAir(OTA)upgrades•  Settingchanges•  Advertisingpromiscuously

IEEE2018EMBSconference07/18/18 12

Bluetoothsecurityfeatures•  FHSSinherentlydesignedtominimizeeavesdropping(butthatwasfor

WWII)•  Pairingandbondingmodesdependingonrequirementsanduserinterface

–  Notethatold-stylePINhasbeendeprecatedandshouldnotbeusedinnewdevices

•  Caution:“Justworks”modeisavailablewithnoencryptionorauthentication

•  128-bitAESforencryption,severalmethods/meansforauthentication•  Modeandleveldefinitionallowsforappropriateimplementations

–  SecurityMode1Level4:strongestincludingauthenticatedlowenergySecureConnectionspairing&EllipticCurveDiffie-Hellman(ECDH)basedencryption

–  SecurityMode1Level3requiresauthenticatedpairing&encryptionbutdoesnotuseECDH-basedcryptographyandprovideslimitedeavesdroppingprotectionduetoweakencryption

–  Othersecuritymodes/levelsallowunauthenticatedpairing(meaningnoMITMprotectionisprovidedduringcryptographickeyestablishment)

–  Somemodes/levelsdonotrequireanysecurityatall•  Itisessentialtoperformappropriatecybersecurityandriskanalysisand

implementandtestappropriately07/18/18 IEEE2018EMBSconference 13

Cybersecurityrecommendations•  UseBluetooth4.2andlater•  Securitybydesign,notobfuscation

–  End-to-endsolution,bothconnectivityandatrest–  DesignforCybersecurity–  DesignforPrivacy

•  Limitinformation:don’texchangeunnecessarydata•  Limitvulnerabilities

–  Limittimeandaccessibility•  Pairing•  Securitykeyexchanges

–  Don’tuseunnecessaryprofiles–  Setandenforcepolicies

•  Don’tadvertisepromiscuously


•  Medicalregulatoryrequirements–  USFDA–  EUMedicalDeviceRegulation(andwhatabouttheUK?)–  Othercountries/regionspermarketing

•  Wirelessstandardsbodies–  BluetoothSIG–legalrequirement–  NoIEEEformalapproval(IEEE802.15.1)

•  Radioregulators-required–  FCC–US

•  SARforpatient-worndevices)–  IC–Canada–  EU–ETSI,R&TTE–  Japan–MIC–  Othercountries/regionspermarketing


The3groupsofregulators

–  Interoperabilityisadual-edgesword•  Marketdominance•  Regulatoryscope

– AAMI–primarilyforin-hospitaldevices– BluetoothSIGprofiles

•  BluetoothTranscodingWhitepaper•  Health/medicalprofiles–usethemifyouwish• WithBluetoothlowenergyyoucanmakeyourown

– ContinuaAlliance?– FHIR,HL7,…ifutilized


…andthe4thgroup:“interoperability”

•  Safetyandefficacyfortheintendeduseintheintendedenvironment(s)

•  Interference&Coexistence–  Ad-hoctestingbasedonenvironmentforIntendedUse–  RFGuidancedocumentsandindustrystandards

•  Latency&Throughput–  Considerdegradationagainbasedonenvironment

•  Cybersecurity•  NIST•  Referencesattheendofthispresentation


Regulatoryconsiderations

Summary

•  Bluetoothwirelesstechnologyprovidesanexcellentcommunicationsmethodformedicaldevicesandsystems

•  Aswithallwirelesstechnologiesspecification,design,implementation,andtestingarekeyelements


Contactinformation

BillSaltzsteinCodeBlueConsulting

[email protected]

425-442-5854


SelectedCybersecurityReferences•  HealthcareIndustryCybersecurityTaskForcereport

–  https://www.phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf•  GuidanceforIndustry-CybersecurityforNetworkedMedicalDevicesContainingOff-the-Shelf(OTS)Software

–  http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077823.pdf•  ContentofPremarketSubmissionsforManagementofCybersecurityinMedicalDevices

–  http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM356190.pdf•  PostmarketManagementofCybersecurityinMedicalDevices

–  http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm482022.pdf•  NIST:CybersecurityPracticeGuide,SpecialPublication1800-1:"SecuringElectronicHealthRecordsonMobile

Devices”–  https://nccoe.nist.gov/projects/use_cases/health_it/ehr_on_mobile_devices

•  NIST:GuidetoBluetoothSecurity–  http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-121r1.pdf

•  ISO14971:2007Medicaldevices--Applicationofriskmanagementtomedicaldevices–  http://www.iso.org/iso/catalogue_detail?csnumber=38193

•  HHS:YourMobileDeviceandHealthInformationPrivacyandSecurity–  https://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security

•  Archimedes–AnnArborResearchCenterforMedicalDeviceSecurity–  https://secure-medicine.org

•  BITAG:InternetofThings(IoT)SecurityandPrivacyRecommendations–  http://www.bitag.org/documents/BITAG_Report_-_Internet_of_Things_(IoT)_Security_and_Privacy_Recommendations.pdf

07/18/18 20IEEE2018EMBSconference

AdditionalFDAguidance•  FDAlandingpageforDigitalHealth

–  http://www.fda.gov/medicaldevices/digitalhealth/•  GeneralWellness:PolicyforLowRiskDevices

–  https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm429674.pdf•  MobileMedicalApplications

–  http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM263366.pdf

•  MedicalDeviceDataSystems,MedicalImageStorageDevices,andMedicalImageCommunicationsDevices–  http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM401996.pdf

•  RadioFrequencyWirelessTechnologyinMedicalDevices–  ohttp://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077272.pdf

•  SoftwareasaMedicalDevice(SAMD):ClinicalEvaluation–  https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM524904.pdf

•  ClinicalandPatientDecisionSupportSoftware(draft)–  https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm587819.pdf

•  ChangestoExistingMedicalSoftwarePoliciesResultingfromSection3060ofthe21stCenturyCuresAct(draft)–  https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm587820.pdf

•  GuidanceforIndustry,FDAReviewersandComplianceonOff-The-ShelfSoftwareUseinMedicalDevices–  http://www.fda.gov/downloads/MedicalDevices/.../ucm073779.pdf

•  Enforcementdiscretion–  http://www.fda.gov/MedicalDevices/DigitalHealth/MobileMedicalApplications/ucm368744.htm

•  DecidingWhentoSubmita510(k)foraSoftwareChangetoanExistingDevice–  https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm514737.pdf

•  DesignConsiderationsandPre-marketSubmissionRecommendationsforInteroperableMedicalDevices–  https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm482649.pdf


AAMI•  TIR57:Principlesformedicaldevicesecurity—Riskmanagement–  https://standards.aami.org/kws/public/projects/project/details?project_id=876

•  TIR69:RiskAssessmentofradio-frequencywirelesscoexistenceformedicaldevicesandsystems–  https://standards.aami.org/kws/public/projects/project/details?project_id=1114

•  ANSIC63.27-2017:AmericanNationalStandardforEvaluationofWirelessCoexistence–  https://standards.ieee.org/findstds/standard/C63.27-2017.html


•  Transcoding(andother)Whitepapers:– https://www.bluetooth.com/develop-with-bluetooth/white-papers

•  Bluetooth5Standard:– https://www.bluetooth.com/specifications/bluetooth-core-specification


BluetoothSIG

23

Acronyms(googlefordefinitions/information)

•  AFH–AdaptiveFrequencyHopping•  BLE–Bluetoothlowenergy•  BR/EDR–BasicRateorEnhancedDataRate(SeeBluetoothspecifications)•  FHSS–FrequencyHoppingSpreadSpectrumradiotransport•  ISM–Industrial,Scientific,andMedical:frequencybandsallocatedbythe

FCC•  LAN–LocalAreaNetwork:IEEE802.3•  MBAN–MedicalBodyAreaNetwork•  MDDS–MedicalDeviceDataSystem(seeReferencesection)•  NFC–NearFieldCommunications•  PHI–ProtectedHealthInformation•  SIG–SpecialInterestGroup,inthiscasetheBluetoothSIG•  WiFi–WirelessFidelity:IEEE802.11specifications•  ZigBee–WirelessstandardfromtheZigBeeAlliance,basedonIEEE

802.15.4
