This article appeared in Electronic Design and has been published here with permission.
What you’ll learn:
- Why consumer-grade memory modules aren’t considered adequate for medical data storage.
- How durable storage media automatically compensates for NAND chips that age over time.
- How to secure sensitive medical data against spying as well as data loss.
- Why everything in the IoT needs a unique ID.
Manufacturers of medical devices shoulder great responsibilities and must demonstrate their quality management in accordance with ISO 13485. This certification also requires that the suppliers of parts and components used in medical devices are qualified; no component can be overlooked. One component at the center of many electronic devices is critical: the flash storage medium. Here, judicious selection is imperative, because the memory module must protect against device failure, data loss and the disclosure of sensitive patient data.
Solid-state drives (SSDs) and the various memory-card formats designed for integration into devices are primarily intended for the consumer and IT markets. Consequently, product generations are quickly superseded. The working life of medical technology, in contrast, is long, which makes it distinctly different from that of computers and smartphones.
It is neither desirable to replace failed memory modules every few years during maintenance, nor practical to requalify a new generation of components every time the originally installed ones are no longer manufactured. This gives rise to two requirements:
- Memory modules used in medical devices must be robust and durable.
- The memory manufacturer must ensure long-term availability with the structure of the product unchanged.
In addition, the manufacturer should be expected to meet the highest standards in quality management and traceability. That largely settles the selection of the supplier, who ideally is also a development partner from the requirements stage through to engineering and application support. The choice of suitable products, on the other hand, raises a number of considerations.
A Dependable Start
Each device containing a processor must load an operating system from non-volatile memory. Unless it is a PC-based solution, an embedded system typically does this unnoticed by the user, which has an important implication: a device that cannot force an orderly shutdown via its user interface must be expected to simply be disconnected from its power supply. If not all pending writes have completed at that moment, data is lost.
Memory modules selected for such a device should therefore incorporate advanced Power Fail Protection, for instance, data carriers with enough energy stored in capacitors to allow all write operations to be completed in the event of a voltage drop or loss. This consideration becomes more important given that medical devices are frequently used in places where uninterrupted power isn’t guaranteed.
However, even for pure boot media, on which no user data is written, certain requirements can only be met by manufacturers who specialize in particularly durable storage for low-maintenance systems. It can be assumed to be well known that flash memory wears out gradually with each erase/write cycle.
NAND chips age, which is why demanding industries such as medical now deploy pseudo-SLC (pSLC) modules: single-level-cell NAND, or 3D NAND operated in SLC mode, which stores one bit per cell and tolerates far more program/erase cycles than multi-level cells. What is less well known is that reading also stresses NAND cells: repeated reads of a block shift the charge of neighbouring cells (read disturb) and lead to creeping data loss. Flash memory from which the same information is read over and over, as a boot medium is, therefore needs controller firmware that counteracts this fading on its own, by correcting bit errors with ECC on every read and, when the error count of a block rises, copying the corrected data to a fresh block before it becomes uncorrectable.
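To make the refresh mechanism concrete, here is an added simulation (not Swissbit's firmware, and not code from the original article) of the controller policy just described. It models a pSLC block whose cells drift toward the programmed state on every read, protects each data nibble with a toy Hamming(8,4) SECDED code in place of the BCH/LDPC codes real controllers use, and refreshes the block as soon as a read needed correction. The block model, the disturb rate, the refresh threshold and the sample record `patient-0042` are all constructed assumptions; the point is the policy, not the numbers.

```python
import random

# --- Toy SECDED ECC: Hamming(8,4), one codeword per data nibble -------------
# Real controllers use BCH/LDPC over kilobyte pages; the refresh policy is the same.

def hamming84_encode(nibble):
    """Encode a 4-bit value into 8 bits: 7-bit Hamming code plus overall parity."""
    d1, d2, d3, d4 = (nibble >> 3) & 1, (nibble >> 2) & 1, (nibble >> 1) & 1, nibble & 1
    p1, p2, p3 = d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4
    bits = [p1, p2, d1, p3, d2, d3, d4]          # codeword positions 1..7
    p0 = 0
    for b in bits:
        p0 ^= b
    return bits + [p0]                              # position 8: overall parity


def hamming84_decode(bits):
    """Return (nibble, corrected_bits, status); status is 'ok' or 'uncorrectable'."""
    b = list(bits)
    s1 = b[0] ^ b[2] ^ b[4] ^ b[6]
    s2 = b[1] ^ b[2] ^ b[5] ^ b[6]
    s3 = b[3] ^ b[4] ^ b[5] ^ b[6]
    syndrome = s1 | (s2 << 1) | (s3 << 2)           # = 1-based position of a single error
    overall = 0
    for x in b:
        overall ^= x
    corrected = 0
    if syndrome and not overall:                    # two flipped bits: detected, not correctable
        return None, 0, "uncorrectable"
    if overall:                                     # exactly one flipped bit
        if syndrome:
            b[syndrome - 1] ^= 1                    # flip it back
        corrected = 1                               # (syndrome 0: the parity bit itself)
    nibble = (b[2] << 3) | (b[4] << 2) | (b[5] << 1) | b[6]
    return nibble, corrected, "ok"


class NandBlock:
    """Constructed model of one SLC/pSLC block. NAND convention: erased = 1, programmed = 0.
    Read disturb adds charge to neighbouring cells, i.e. drifts them toward 0; here every
    read knocks DISTURB_PER_READ randomly chosen cells to 0 (a deliberate simplification)."""
    DISTURB_PER_READ = 1

    def __init__(self, rng):
        self.rng = rng
        self.cells = []          # list of 8-bit codewords
        self.erase_count = 0

    def program(self, codewords):
        self.cells = [list(cw) for cw in codewords]

    def erase(self):
        self.cells = []
        self.erase_count += 1

    def read(self):
        for _ in range(self.DISTURB_PER_READ):
            cw = self.rng.randrange(len(self.cells))
            self.cells[cw][self.rng.randrange(8)] = 0
        return [list(cw) for cw in self.cells]


class Controller:
    """Firmware side: ECC-decode every read and, once a read needed correction, copy the
    corrected data to the spare block and erase the worn one (read-disturb refresh)."""
    REFRESH_THRESHOLD = 1      # corrected bits in one read that trigger a refresh

    def __init__(self, rng, refresh_enabled=True):
        self.blocks = [NandBlock(rng), NandBlock(rng)]   # active block + one spare
        self.active = 0
        self.refresh_enabled = refresh_enabled
        self.refreshes = 0

    @staticmethod
    def _encode(data):
        cws = []
        for byte in data:
            cws.append(hamming84_encode(byte >> 4))
            cws.append(hamming84_encode(byte & 0xF))
        return cws

    def write(self, data):
        self.blocks[self.active].program(self._encode(data))

    def read(self):
        """Return (data, status); data is None when any codeword is uncorrectable."""
        nibbles, corrected = [], 0
        for cw in self.blocks[self.active].read():
            value, fixed, status = hamming84_decode(cw)
            if status != "ok":
                return None, "uncorrectable"
            nibbles.append(value)
            corrected += fixed
        data = bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, len(nibbles), 2))
        if self.refresh_enabled and corrected >= self.REFRESH_THRESHOLD:
            spare = 1 - self.active
            self.blocks[spare].program(self._encode(data))   # rewrite the *corrected* data
            self.blocks[self.active].erase()
            self.active = spare
            self.refreshes += 1
        return data, "ok"


def simulate(reads, refresh_enabled, seed=1):
    """Read one constructed record `reads` times; return (last_data, last_status, refreshes)."""
    ctrl = Controller(random.Random(seed), refresh_enabled)
    ctrl.write(b"patient-0042")     # constructed sample content, written once
    data = status = None
    for _ in range(reads):
        data, status = ctrl.read()
    return data, status, ctrl.refreshes


if __name__ == "__main__":
    print("with refresh:   ", simulate(2000, True))
    print("without refresh:", simulate(2000, False))
```

With refresh enabled the record survives any number of reads, because the block never accumulates more than one disturbed cell before it is rewritten; with refresh disabled the same block silently decays to zeros or reports an uncorrectable codeword. The cost is the erase count on the spare blocks, which is why this policy belongs on pSLC media with high endurance rather than on consumer TLC parts.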
Reliability is a Must
Fail-safe memory modules are much more than a quality feature or a means to reduce maintenance and repair costs. In the medical sector, they’re also in the interests of patients. Notably for diagnostic devices, there’s a clear trend toward mobile solutions.
Even if many of these systems, for example X-ray machines, transmit data online to write directly to the PACS (picture archiving and communication system) wherever possible, local storage is still essential. Wireless communication isn’t always possible or desirable. It goes without saying that a problem with data storage should never be a reason to expect patients to repeat an examination, thereby delaying treatment, re-exposing them to radiation, or prolonging discomfort or pain.
Selection Criteria
Swissbit is a manufacturer that specializes in robust, durable storage products, and says it guarantees long availability against a fixed bill of materials (BOM). The company’s experts recommend that applications are evaluated in terms of the write and read behavior. Portable diagnostic devices, infusion pumps and ventilators are predominantly read-only with low-capacity storage requirements. That’s why microSD, SD, e.MMC or CFast memory cards are typically used here.
Patient monitors and ultrasound devices write more data than they read. As such, 2.5-in. SSD, M.2 SATA or M.2 PCIe are suitable. Such data carriers with correspondingly higher capacity are also suitable for chemical analyzers, endoscopes and imaging systems like CT and X-ray. After this basic classification, further characteristics such as Power Fail Protection need to be considered.
Data Security and Data Protection
In medical applications, the challenge moves on from protecting data against loss to protecting data from spying. Manufacturers should follow the principles of Data Protection by Design and Data Protection by Default.
Patient data is among the most sensitive personal data. Data Protection by Design should be a goal for medical-device manufacturers if only in their own interest. If data protection is "built in," a manufacturer need not come into contact with patient data during the maintenance of a device; for the doctor or the hospital, that is already one data protection challenge resolved. The only way to guarantee that patient data can be viewed only by entitled persons is through encryption, with access controlled by authentication.
Giving Things an ID
Cryptography, authentication solutions and access management are not the subject of this article, but it is worth knowing how storage media can contribute to security solutions. On the one hand, data carriers can encrypt the data they hold themselves. Today, however, securing communications is the more pressing need.
Medical technology has long been part of the Internet of Things (IoT). And while the lack of data protection in fitness trackers is still primarily the users' own concern, security gaps in mobile devices such as remote cardiac monitors or networked insulin pumps can be a risk to health. Using the IoT search engine Shodan, anyone can find unprotected PACS servers; it takes no special hacking skills. As far back as May 2017, the security provider Trend Micro reported in a study using Shodan that more than 36,000 healthcare devices found in the U.S. alone were potentially vulnerable.
What is known from IT security, securing communications through identification, verification, authentication and authorization, should also be available for the "things" in the IoT. To prevent a hacker or malicious program from impersonating a legitimate participant in a network of medical devices and computer systems, "things" must be able to prove their identity. Since a purely software-based identity can be copied or tampered with, an identifiable hardware component, a secure element such as a Trusted Platform Module (TPM), usually needs to be soldered into the device as early as the manufacturing stage, holding a key that never leaves the chip.
Swissbit manufactures USB sticks as well as SD and microSD memory cards with an integrated secure element, which serves as a retrofittable TPM. The advantage is that memory is needed anyway and these interfaces are widely available, for example on the tablet PCs often deployed as mobile operating and display devices in modern imaging diagnostic systems.
These data-protection memory cards consist of a flash-memory chip, a smartcard chip (the secure element) and a flash controller. Special firmware with an integrated AES encryptor opens up further application scenarios: the secure element not only secures the communication but also allows the stored data itself to be securely encrypted. In other words, a flash module with an encryptor can also be used to encrypt additional data stores in the system.
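The identification step described above, as an added example that is not part of the original article and not Swissbit's protocol: a device proves its identity to a hospital-side verifier by answering a fresh challenge with a key that only the secure element can use. The `SecureElement` class, the verifier, the device ID `USM-0001` and the server ID `pacs-gw-01` are all constructed assumptions. A real secure element would hold an asymmetric key and present a certificate, so the server never holds a secret; HMAC with a per-device key provisioned at manufacture is used here only because the Python standard library has no ECDSA. The replay and clone cases show why the nonce and the hardware-bound key both matter.

```python
import hashlib
import hmac
import secrets


class SecureElement:
    """Stand-in for the soldered-in secure element: holds the device key provisioned at
    manufacture and exposes only a challenge-response function, never the key itself."""

    def __init__(self, device_id, key):
        self._device_id = device_id
        self._key = key                      # never leaves the element

    def device_id(self):
        return self._device_id

    def respond(self, nonce, server_id):
        # Bind the response to this device, this verifier and this one-time challenge.
        msg = b"device-auth|" + self._device_id + b"|" + server_id + b"|" + nonce
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class Verifier:
    """Hospital-side server (e.g. a PACS gateway): knows the key registered for each
    device at manufacture and issues challenges that are valid exactly once."""

    def __init__(self, server_id, registry, nonce_len=16):
        self.server_id = server_id
        self.registry = dict(registry)       # device_id -> key, provisioned out of band
        self.pending = {}                    # nonce -> device_id, consumed on first use
        self.nonce_len = nonce_len

    def challenge(self, device_id):
        """Return a fresh nonce for a registered device, or None for an unknown ID."""
        if device_id not in self.registry:
            return None
        nonce = secrets.token_bytes(self.nonce_len)
        self.pending[nonce] = device_id
        return nonce

    def verify(self, device_id, nonce, response):
        """True only for a correct response to a still-pending nonce. The nonce is consumed
        whether or not the check passes, so a captured response cannot be replayed."""
        expected_device = self.pending.pop(nonce, None)
        if expected_device is None or expected_device != device_id:
            return False
        msg = b"device-auth|" + device_id + b"|" + self.server_id + b"|" + nonce
        expected = hmac.new(self.registry[device_id], msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time comparison


def demo():
    """Three exchanges: genuine device, replayed response, software clone without the key.
    Returns (genuine_ok, replay_ok, clone_ok)."""
    key = secrets.token_bytes(32)                        # provisioned at manufacture
    server = Verifier(b"pacs-gw-01", {b"USM-0001": key})
    genuine = SecureElement(b"USM-0001", key)
    clone = SecureElement(b"USM-0001", secrets.token_bytes(32))   # right ID, wrong key

    # 1. Server -> device: nonce; device -> server: HMAC over (id, server, nonce).
    nonce = server.challenge(genuine.device_id())
    response = genuine.respond(nonce, server.server_id)
    genuine_ok = server.verify(genuine.device_id(), nonce, response)

    # 2. Attacker replays the captured (nonce, response) pair: nonce already consumed.
    replay_ok = server.verify(genuine.device_id(), nonce, response)

    # 3. A software clone claiming the same ID cannot compute the response without the key.
    nonce2 = server.challenge(clone.device_id())
    clone_ok = server.verify(clone.device_id(), nonce2, clone.respond(nonce2, server.server_id))

    return genuine_ok, replay_ok, clone_ok


if __name__ == "__main__":
    print("genuine, replay, clone:", demo())
```

The verifier consumes the nonce even on a failed check and compares digests in constant time; both are the details that tend to be missing when device identity is bolted on in software, and both are cheap when the key itself lives in hardware.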
Topical Right Now
Medical technology manufacturers striving to increase their production in the global effort against the coronavirus pandemic can purchase secure data-storage modules from Swissbit. The company’s range of highly robust storage media used in medical technology, including SD, microSD or compact flash cards for handheld devices or 2.5-in. and M.2 SSDs for medical imaging, is readily available.
Hubertus Grobbel is the VP of Security Solutions at Swissbit AG.