By Nadia ElKaissi, CHTM
Picture this: Dr. Smith was a well-respected oncologist, known for his forward-thinking approach to patient care. Always eager to embrace new technology, he stumbled upon a sleek, new Bluetooth-enabled chemotherapy infusion pump that promised to streamline his workflow by allowing him to monitor a patient’s treatments directly from his smartphone. It sounded perfect. The only issue was that the device was not Federal Information Processing Standards (FIPS) compliant. Dr. Smith had previously encountered the term “FIPS” in relation to Wi-Fi capabilities and assumed that using the equipment’s Bluetooth functionality would be similarly acceptable. The vendor neglected to fully disclose that while the device’s Bluetooth capability was cutting-edge, it was unencrypted, leaving it vulnerable to cyber threats. Within weeks of integrating the pump, a cybercriminal intercepted the unencrypted Bluetooth signal, and began to manipulate the dosage data. This resulted in a patient receiving a dangerously incorrect amount of medication. The incident, which went unnoticed until after the damage was done, led to a significant patient safety event. This scenario underscores the critical risks associated with deploying non-compliant technology in health care environments. Dr. Smith learned quickly that prioritizing convenience over security can have catastrophic consequences.
In the ever-evolving world of medical technology, it’s easy to get swept up in the excitement of new technology. However, as Dr. Smith learned the hard way, a little due diligence can prevent a lot of damage. With new technology, there is an increasing need to understand and know how to secure the new wireless technologies, especially Bluetooth. So, what is Bluetooth, and why is it becoming more common in medical devices than Wi-Fi? With the ongoing expansion of telehealth and the need for reliable, secure wireless communication, Bluetooth has become more prevalent in medical devices than ever before. Bluetooth is a radio frequency (RF) communication protocol that enables the short-range data exchanges between devices. It is energy-efficient and reliable, using frequency-hopping to minimize interference with other wireless technologies. For patients managing their health remotely, Bluetooth-enabled devices like blood pressure monitors, glucose meters, and wearable ECGs provide critical connectivity, transmitting vital health information directly to health care providers without the need for extensive network infrastructure.
As Bluetooth continues to play a larger role in the medical field, it is essential to prioritize the most secure Bluetooth configurations and document potential threats associated with the implementation of the medical technology. As wireless communication between medical devices becomes more prevalent, a solid understand of Bluetooth security measures – such as pairing methods, encryption, frequency hopping, authentication, and authorization becomes vital. Following are some key considerations and questions that should guide discussions with vendors when evaluating Bluetooth-enabled medical devices:
Pairing Methods
When evaluating a Bluetooth configuration, the best way to start is with the device’s pairing method. New technologies often boast quick and easy ways to establish connections, but these can be vulnerable if not properly secured. For instance, the “Just Works” pairing method, while convenient, offers minimal protection and leaves the device susceptible to man-in-the-middle attacks. It’s advisable to inquire about additional security measures, such as a Passkey Entry or Numeric Comparison method, which requires user verification before pairing.
Encryption Strength
When discussing Bluetooth capabilities, it is important to assess the encryption algorithms in use. Ask for the Bluetooth version and specific features, to provide an accurate representation of the device’s wireless communication technologies. Vendors may claim that their products are Bluetooth-compatible, but they often fail to provide specifics about the Bluetooth security mode, levels, or version. Security modes will define how devices authenticate, encrypt and manage access during communication. There are 4 different levels of security modes and Security Mode 4 is mandatory for all Bluetooth 2.1 and later devices since it enforces Secure Simple Pairing (SSP) and supports robust encryption standards. Security levels, on the other hand, categorize the strength of security within a mode, ranging from unauthenticated, low-security connections to high-security connections that require encryption and mutual authentication. Using higher security levels within the appropriate security modes ensures that data transmitted over Bluetooth is protected against threats like unauthorized access. Some questions you can ask a vendor to understand how the device is configured:
- Which Bluetooth version does the device use? Always look for the latest version possible as it will over more advanced secure capabilities.
- What security mode(s) does the device support? Remember that Security Mode 4 is mandatory for Bluetooth 2.1 and later.
- Is the Bluetooth communication encrypted? If so, what type of encryption is used? Ask if the device uses AES-CCM encryption (with 128-bit keys), which is standard in Bluetooth for protecting data in transit.
Frequency Hopping
Bluetooth’s Frequency Hopping Spread Spectrum (FHSS) technique is a cornerstone of Bluetooth’s security architecture. It minimizes the likelihood of interference by rapidly switching the communication channel between different frequencies. When two Bluetooth devices communicate, they “hop” between different frequencies within a designated range. Bluetooth uses 79 channels in the 2.4 GHz frequency band and can switch between channels up to 1,600 times per second. The changing of frequencies makes it difficult for other devices to interfere with the connection and helps Bluetooth stay within Federal Communication Commission (FCC) guidelines. During the evaluation, confirm that the device employs FHSS and inquire about its compliance with the FCC’s guidelines, which are designed to ensure co-existence among multiple wireless systems operating within the same frequency band.
Authentication and Authorization
Authentication and authorization are critical components of Bluetooth security, working in tandem with pair methods to ensure that only trusted devices can connect and access sensitive data. Having a medical device with Bluetooth enabled and no authentication poses significant security risks. Without authentication, the device is vulnerable to unauthorized access, allowing malicious actors to connect and potentially manipulate or steal sensitive data. While authentication verifies the identity of a device before allowing to pair, authorization controls what a device is permitted to do once connected. When discussing Bluetooth security with a vendor, it’s important to confirm what method of secure authentication the device uses. You should also inquire about controls in place to ensure that connected devices have access only to the data and functions necessary for their intended use.
While understanding Bluetooth security for medical devices is crucial, it is equally important to take specific steps to ensure that clinical staff are using these devices correctly, particularly when connecting the device to a phone or tablet. Even the most secure Bluetooth setup can be compromised if staff are not properly trained or if they inadvertently connect to unauthorized devices. Comprehensive training, clear protocols, and regular audits are essential to ensure that staff are pairing devices securely and following best practices. Additionally, limiting device connectivity to approved phones or tablets and using secure applications can further safeguard against unauthorized access. By combining robust security measures with thorough staff education and adherence to protocols, health care facilities can effectively protect patient data and maintain in the integrity of Bluetooth-enabled medical devices.
Bluetooth offers numerous advantages in medical technology such as telehealth and therefore it’s critical to evaluate its security architecture thoroughly. By choosing configurations that maximize security – through strong pairing mechanisms, robust encryption and effective authentication – you can ensure that your healthcare environment remains protected against emerging threats.
Reference:
National Institute for Standards and Technology (NIST) Interagency or Internal Reports 8267 DRAFT, Security Review of Consumer Home Internet of Things (IoT) Products, October 2019
