Managing OTA Updates for Medical Devices

Zac Amos

- Last Updated: July 31, 2025

The growth of the Internet of Medical Things (IoMT) has spurred many unique cybersecurity concerns, given the sensitivity of its data and the extensive benefits of adoption when done securely. Like all fields within cybersecurity and IoT management, securing smart medical devices is a complex undertaking.

Still, some aspects demand special attention. Over-the-air (OTA) updates for IoMT endpoints are both critical and complicated, so they deserve a closer look.

The Challenges of OTA Updates for Medical Devices

Outdated firmware is a massive vulnerability across all IoT systems, but especially within the medical field. Just 22 percent of health care organizations run up-to-date software on all their equipment. As the IoMT grows, this failure to update leaves an ever-increasing attack surface open to known exploits.

OTA updates help by streamlining the process. When all devices can download and install all new patches remotely, keeping everything as secure as possible is easier. However, OTA protocols bring their own challenges.

Attackers could insert malicious code into an OTA software patch or pose as an official update to infiltrate an IoMT device. Reliance on hardware that does not meet modern security standards, or that has conflicting software support, may pose a risk by making it difficult to enforce consistent controls. Limited IT resources present a similar issue by restricting bandwidth and connection speeds, hindering efficient updates.

How to Manage Medical IoT OTA Updates

Given these obstacles, medical businesses should create a formal OTA update security plan. These strategies should include the following best practices to ensure IoMT patches remain safe and efficient.

#1: Use Strong Update Authentication Methods

Update authentication protocols are the most crucial measure. During the 2020 SolarWinds attack, threat actors managed to infect 18,000 companies by injecting malware into an OTA update. Hospitals hoping to avoid a similar fate must use IoT devices with a reliable built-in way to verify a software patch’s origins and contents before installing it.

Public key infrastructure is a popular and effective solution. It uses private digital signatures to ensure the manufacturer issuing the update and the device match before trusting any software sent remotely. These systems come in many forms, but Transport Layer Security is among the most widely used and secure ways to encrypt and certify signatures.

#2: Choose Devices With Secure Boot Functions

Similarly, medical organizations should choose IoT devices with a built-in secure boot mechanism. It works similarly to update authentication but applies during startup after the device has already installed software. Upon booting, the feature verifies the endpoint’s firmware to confirm it matches the authorized manufacturer, reverting to an older version if it notices anything out of place.

Pairing secure boot with an OTA authentication measure ensures that if any tampered or malicious code does get through, the device still won’t run it. Newer solutions can also perform this function with up to 750 percent fewer resources than older methods. Given the common obstacles of bandwidth and hardware restrictions, administrators should look for new IoMT devices that support such functionality.
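The install-time signature check from #1 and the boot-time re-verification with fallback from #2, as an added Go example (not code from this article or from any device vendor). The `Slot` layout, the function names and the fixed test key are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed test key pair (all-zero seed); a real private key never leaves the manufacturer.
var demoPriv = ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
var demoPub = demoPriv.Public().(ed25519.PublicKey)

// Slot is a hypothetical firmware bank: image plus Ed25519 signature over its SHA-256 digest.
type Slot struct {
	Image []byte
	Sig   []byte
}

// SignImage is the manufacturer side, run where the private key lives.
func SignImage(priv ed25519.PrivateKey, image []byte) Slot {
	d := sha256.Sum256(image)
	return Slot{Image: image, Sig: ed25519.Sign(priv, d[:])}
}

// VerifyImage is the device side: public key only, run before install and again at boot.
func VerifyImage(pub ed25519.PublicKey, s Slot) error {
	d := sha256.Sum256(s.Image)
	if !ed25519.Verify(pub, d[:], s.Sig) {
		return errors.New("signature does not match image")
	}
	return nil
}

// SelectBootSlot checks the active slot first, then the older one; -1 means refuse to boot.
func SelectBootSlot(pub ed25519.PublicKey, slots []Slot) int {
	for i, s := range slots {
		if VerifyImage(pub, s) == nil {
			return i
		}
	}
	return -1
}

func main() {
	good := SignImage(demoPriv, []byte("fw 1.0 (constructed)"))
	bad := Slot{Image: []byte("fw 1.1 tampered (constructed)"), Sig: good.Sig}
	fmt.Println(VerifyImage(demoPub, bad), SelectBootSlot(demoPub, []Slot{bad, good}))
}
```

The tampered image in the active slot fails verification, so the device falls back to the older, correctly signed slot at index 1.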

#3: Encrypt All IoMT Data

IoMT systems also need a way to prevent attackers from tampering with OTA updates in transmission. The fix is relatively straightforward. Health care facilities must encrypt all IoMT data at rest and in transit to keep it private and untampered with as it travels between endpoints.

Encrypting IoT data is often merely a matter of selecting devices that support high-level cryptography methods or applying encryption on a network level. Medical practices should also consider quantum-resistant encryption techniques for long-term protection. Government regulators are currently testing four post-quantum cryptography algorithms, so recommendations may come soon.

#4: Monitor All IoMT Systems

Even with these other protections, malicious or tampered OTA updates can still occur. Some attacks can slip past these patches, too. Consequently, organizations must deploy automated monitoring to find and contain any suspicious activity before it can spread across an IoMT network.

Continuous monitoring will require upfront investment, both for the security software itself and for any necessary IT infrastructure upgrades to support the increased traffic. However, health care data breaches cost $11 million on average, so the price of better security is still more financially sound in the long run. Businesses may also experience lower IT staffing costs from the resulting workflow efficiency improvements.

#5: Stay Up to Date with Regulations

Finally, administrators should keep abreast of any regulatory changes. The Food and Drug Administration recently updated its medical device cybersecurity recommendations, including the requirement for OTA updates, which may become law as attention to security rises. As standards evolve, it or other government agencies could require specific IoMT protections, so companies should stay up to date to ensure compliance.

Reviews should occur at least once annually to see if any changes are necessary to comply with incoming regulatory updates. Even when the law doesn’t require anything, new recommendations or guidance are worth considering to go above the benchmark and ensure greater security.

Medical IoT Devices Need Reliable OTA Update Mechanisms

OTA updates are essential to IoMT security. However, these protections need security adjustments of their own. Medical entities must understand these complex considerations before implementing or scaling their IoT solutions to secure their sensitive data.
