IEEE Guidelines Address Software and Medical Device Vulnerabilities
May 19, 2015 in News
The Institute of Electrical and Electronics Engineers has released guidelines aimed at helping software developers create baseline security standards for medical device software development and implementation, Health Data Management reports.
About the Guidelines
According to an announcement, IEEE created the guidelines to help diminish or eliminate security vulnerabilities that could allow unauthorized individuals to access medical devices. IEEE wrote, “Most exploited vulnerabilities are due to accidental implementation errors that can be avoided or significantly reduced through the use of specific programming languages and automated tools for checking software” (Goedert, Health Data Management, 5/19).
The guidelines were drafted by a group of 40 volunteers with experience in:
- Medical device development;
- Medical device regulation;
- Medical device standards;
- Programming languages; and
- Software engineering.
The guidelines include a range of coding elements, which are organized into 10 categories, intended to:
- Avoid, detect and remove specific vulnerabilities during implementation (IEEE guidelines, 2015);
- Assure cryptography is used properly;
- Assure software and firmware integrity;
- Impede hacker analysis or exploitation;
- Enable detection and attribution of an attack (Health Data Management, 5/19);
- Help safely degrade device function during an attack;
- Help restore device function after attack;
- Support maintenance of operational software;
- Support privacy requirements; and
- Create standards for desired code characteristics (IEEE guidelines, 2015).