Securing Next-Generation Medical Devices with BlackBerry Embedded Software
Public access AEDs (automated external defibrillators) redefined the approach to sudden cardiac arrest, providing crucial aid in critical moments, in a form that could be administered by nearly anyone. These portable devices deliver electrical shocks, swiftly restoring the heart’s normal rhythm and granting a second chance at life.
Now a new generation of AEDs is emerging. These devices are smarter, connected to the cloud — and increasingly at risk for cyberattacks. Internet of Things (IoT) and embedded devices of all types face the same risk. However, in the case of AEDs, a failure to implement robust security could cost someone their life.
What Are Connected AEDs?
Connected AEDs offer a significant advantage over the preceding generation of devices because, in addition to resuscitating the victim, they expedite delivery of critical patient data to physicians. Traditionally, capturing a patient’s ECG (electrocardiogram) data required manual downloading from the AED device that was used on the patient, leading to potential delays in accessing and sharing valuable information.
With the integration of wireless capabilities in connected AEDs, however, data-sharing becomes seamless and allows for data to be swiftly captured and communicated to facilitate healthcare workflows and patient care.
AED Automated Maintenance
Connected AEDs also streamline maintenance and AED program management. In the past, ensuring the readiness of defibrillators demanded time-intensive manual inspections. However, with the advent of advanced AED readiness testing and wireless self-test data sharing, the once-laborious process is now automated and instantaneous. Tracking battery and electrode pad expirations, and even device location, can be seamlessly managed.
Instructional Support and Diagnostics
The landscape of arrhythmia diagnosis is also being reshaped by the emergence of new machine learning techniques applied to ECGs. Particularly in out-of-hospital cardiac arrest scenarios, the algorithm embedded within an AED plays a pivotal role in determining when to deliver defibrillation. These connected AEDs can also communicate real-time CPR guidance in the form of instant audible and visual feedback.
Connected AED Security: Safeguarding Patient Data and Protecting Lives
Along with the ability of these advanced devices to seamlessly collect and transmit sensitive patient data comes the responsibility to protect that data. The protection is key to both upholding patient privacy and complying with stringent data protection regulations, including the FDA’s cybersecurity requirements for medical devices.
The need to maintain privacy and confidentiality are essentially table stakes for all connected medical devices. In the case of AEDs, the potential consequences of malicious manipulation of an AED are dire. Corrupted or tampered data could hinder the algorithm’s ability to make accurate assessments in critical situations, potentially jeopardizing patient outcomes.
Weak security measures could expose these devices to unauthorized access or malware attacks. For instance, if an AED were altered by a malicious attacker to stop detection of VF (ventricular fibrillation), the results could be fatal. In another concerning scenario, an AED could be modified to harm individuals with a beating heart. These possibilities underscore the importance of implementing comprehensive security measures to safeguard the integrity, functionality, and ethical use of connected AEDs.
Building Security Into Connected AEDs and Embedded Devices
By placing security at the forefront of the conversation surrounding connected and embedded devices like the new generation of AEDs, these devices are more likely to be manufactured with trusted components, such as a reliable, secure, and verified real-time operating system (RTOS) built on a microkernel architecture. This approach allows manufacturers to isolate potential cybersecurity vulnerabilities while embracing robust security measures, in accordance with regulatory requirements. By doing so, they ensure that connected AEDs continue to save lives while upholding the highest standards of privacy, integrity, and safety.
BlackBerry is a leader in securing the IoT. BlackBerry® QNX® RTOS offers a comprehensive solution that addresses the critical need for security and privacy in medical and other embedded devices.
Performance and real-time execution are at the forefront of the BlackBerry QNX design philosophy. The QNX® Neutrino® RTOS is built with a microkernel architecture for performance and reliability. Leveraging this microkernel-based RTOS, BlackBerry QNX has a proven track record of supporting millions of mission-critical systems without failure. This level of trust and dependability has made QNX a preferred choice for leading medical device manufacturers.
The microkernel architecture significantly reduces the attack surface, to provide a safe environment that isolates and protects critical features and capabilities. Embedded security features, including secure boot, access control, file-based encryption, and pluggable authentication modules, are seamlessly integrated into the core of the RTOS.
The QNX Neutrino RTOS is pre-certified to IEC 62304 Class C, making it an ideal choice for building life-critical devices. This certification validates the robustness of adherence to industry standards, providing further assurance of the reliability and safety of devices enabled by BlackBerry QNX.
With BlackBerry as a trusted partner, manufacturers can leverage the fast-boot capabilities and the exceptional performance of the microkernel architecture, booting an AED in less than four seconds. This swift start-up time ensures the device is ready for use without delay, optimizing the crucial response time during emergencies.
In the realm of connected AEDs, where security and real-time performance are vital, BlackBerry QNX is a proven solution for medical device manufacturers to deliver innovative, safe, and secure devices that save lives, while maintaining the highest standards of privacy and cybersecurity.
To learn more about how BlackBerry QNX can help secure your medical devices, including automated external defibrillators, contact BlackBerry today.
