Why flash controllers are needed in medical security
Article By : Katrin Zinn
Flash storage for medical devices must provide error-free operation with the ability for firmware updates to ensure continued security.
Like any other environment that uses electronic devices connected to a network, the healthcare industry is vulnerable to cyber threats. These attacks may be motivated by a desire to steal information or money, or just to cause chaos.
However, unlike most other sectors, attacks on medical equipment can put people’s health, or even lives, at risk. Especially, when a wide range of medical devices are networked for easier patient monitoring and management. This includes drug infusion pumps, pacemakers, as well as devices for monitoring heart rate, blood pressure and other vital signs.
The number of cyberattacks in the healthcare sector has been increasing for several years, as the number of connected devices has increased. On top of that, there are still vulnerabilities in some widely used equipment. For example, researchers have found networked devices running old and unpatched operating systems with known security flaws. In some cases, even the most basic security mechanisms had not been implemented, such as devices with default passwords that could not be changed.
The risks to healthcare systems
Many medical devices are networked and run the same standard operating systems as laptops and smartphones. As with the rest of the Internet of Things (IoT), they are connected to the Internet to exploit the benefits of cloud storage and computing. Many can also be controlled remotely.
In 2011, Jay Radcliffe, a security researcher, demonstrated that hackers can easily gain access to medical devices that use wireless communications for receiving commands. He was able to hack into his own insulin pump; someone else doing this would have been able to either stop the delivery of insulin or deliver a dangerous overdose.
One real-world example of an inadvertent attack was the case of heart monitors being infected by a computer worm in a neonatal intensive care unit. The worm was not specifically targeted at medical devices—it was intended for stealing credit card details—but it was so poorly written that it caused the heart monitors to crash repeatedly, leaving premature babies unmonitored for dangerous periods of time.
In the last 10 years, the number of connected medical devices has exploded, so the potential risks have grown too. Although there were many vulnerabilities in the past, such as the one Radcliffe demonstrated, manufacturers and regulatory authorities have taken the issue more seriously since then.
However, many of the devices currently in use were developed before the industry was aware of the need to take cybersecurity seriously. These devices may be running outdated or insecure software and it may not be possible to upgrade them. Furthermore, medical equipment is expensive, so these systems cannot be quickly replaced. As a result, there are still many potential risks to healthcare systems and medical devices.
The most serious risk is an attack that affects the function of devices to endanger health.
But a compromised device can also be used as a gateway to get access to other systems. It could be used to steal data or perform a ransomware attack. Besides data and financial losses, there is also the risk of reputational loss if hospitals or medical device manufacturers are thought to be vulnerable.
Even in the absence of these external threats, devices in medical environments need to be highly reliable. Random failures can also put health at risk. It’s also essential that events such as unexpected power failure do not cause any loss of data or corruption of firmware.
Protecting systems from attack
Protection of systems against cyberattacks needs to be multi-layered and implemented at every level. It requires a detailed threat analysis to determine the vulnerabilities that need to be addressed.
On top of this, security awareness training for all staff is required. This must cover basics such as using appropriate passwords and keeping them secure. It also needs to include awareness of the various types of “phishing” attacks that might be used to try and extract information or trick people into giving access to systems.
This needs to be a continuous process as new threats and vulnerabilities emerge over time. Security also needs to be considered at every level of the design of the devices, including memory and firmware.
The storage for code and data is typically based on NAND flash because of its advantages of high speed, low power consumption, and lack of moving parts. Flash memory needs to be carefully managed to minimize the effects of the characteristics of the technology, such as the limited number of programs and erase cycles.
Here, flash-memory controller is critical for providing reliable operation, error free data storage and a long operating life. Maximizing the operating life requires the use of various techniques, such as intelligent wear leveling. Preventing errors in the data depends on the use of advanced error correction codes (ECC) to detect and correct errors.
The controller chip needs to be matched to the characteristics of the flash memory to ensure maximum reliability. The behavior of the flash memory will also change over time. A high-quality controller will monitor the characteristics of the flash memory over its lifetime and adjust for any aging effects.
The flash controller also needs to protect against data loss caused by unexpected power loss. This is particularly important for safety-critical applications such as medical systems. A controller can employ several mechanisms for this. For example, the controller continuously monitors supply voltages, and if they fall below a critical threshold, all pending data is written to flash so that no data is lost.
To ensure that the controller provides the best results with any given flash memory, suppliers like Hyperstone use a rigorous qualification process and lifecycle testing to generate data about the flash memory. This process determines the characteristics of each flash, and in turn, allows engineers to optimally configure the controller’s firmware to maximize the reliability and lifetime of the flash memory.
Reliable firmware updates
Cybersecurity is not static, so it’s necessary to have the ability to provide in-field software updates to patch newly discovered vulnerabilities. This is also valuable for providing new features and bug fixes.
The update mechanism itself must be reliable and secure from attack, with no risk of program code corruption or data loss. Therefore, the controller needs to support secure firmware updates. This typically uses public-key cryptography to generate a digital signature of the code to be installed so that the system knows it’s from a trusted source and has not been tampered with. The same technique can also be used each time the system boots to validate that the code has not been modified maliciously or corrupted by a random hardware failure.
The algorithms used for advanced ECC and public-key cryptography can be computationally demanding. A high-performance and flexible flash controller is required to accommodate these requirements: either capable of implementing the algorithms as a proprietary solution or integrating support via an appropriate IC.
Flash storage for medical devices must provide secure, reliable, and error-free operation with the ability for firmware updates to ensure continued security. Here, flash controllers implement many features to ensure reliable operation, including preventing loss of data due to unexpected power failures. Proprietary security algorithms can be fully integrated with the controller firmware through a customer firmware extension.
This article was originally published on EDN.
Katrin Zinn is technical marketing manager for flash controllers at Hyperstone.