Securing the Future of Healthcare: Cybersecurity for Personal Medical Devices
A growing number of personal digital technologies within health services now support individuals in managing their health. Today, a range of medical devices, such as continuous glucose monitoring (CGM) systems and insulin pumps, are empowering people with diabetes to manage their blood glucose levels more effectively and with greater independence.
Many of these medical devices communicate wirelessly and often connect to various systems and servers. This project aims to understand the cybersecurity issues facing these technologies within our health services and to develop new solutions and approaches that help keep all of these medical devices secure.
The potential risks from malicious cyber-attacks on personal digital medical devices are significant. These include privacy breaches that intercept personal data, denial-of-service attacks that may disrupt device functionality, and, perhaps most critically, integrity attacks that alter how a device operates. Integrity attacks could cause a device to appear to function normally while delivering false readings, which can be extremely dangerous. For example, a cyber-attack on an insulin pump could result in the delivery of an incorrect amount of insulin, posing serious health risks and even becoming life-threatening.
Funding for this project will enable the development of expertise and the establishment of new capabilities in the UK specifically related to the cybersecurity of medical technologies. While cybersecurity is widely recognised as an important issue, there has been relatively little attention and research focused on personal digital medical technologies. This funding will support the building of expertise in this area and the sharing of knowledge and best practices with manufacturers, health services, and individuals.
Medical devices undergo rigorous testing and safety checks—known as a certification process—guided by national and international standards to ensure they are safe and appropriate for use. This project aims to inform national standards and the certification processes for digital medical devices with regard to cybersecurity requirements. It is anticipated that this work will influence how new medical devices are designed and developed, as well as how current devices are tested and maintained.
The team driving this project brings together a unique blend of expertise from a wide range of disciplines, including core cybersecurity, clinical trials in health and medical devices, hardware and electronics, and bio-systems and control theory. The collaboration between Lancaster Medical School and the School of Computing and Communications ensures a comprehensive approach to addressing this complex issue and promises new insights in an area of cybersecurity that has received comparatively little attention.
Additionally, the project will benefit from the experience and expertise of a range of partners from industry, MedTech SMEs, and third-sector organisations. Their involvement is crucial for contextualising the research and ensuring that project outcomes deliver real-world impact. Ultimately, many of the research innovations developed through this project will need to be translated into commercial developments to achieve tangible improvements in patient care. Industry partners—including Cisco, Hitachi, and the Lister Alliance—will play a key role in ensuring the relevance of the innovations developed and in shaping a pathway towards successful commercialisation.
As personal digital technologies and medical devices play an increasingly vital role in supporting individuals to manage their health, ensuring the cybersecurity of these devices is more important than ever. This project addresses the pressing need for robust security solutions to protect sensitive health data and device integrity, while also contributing to national standards and certification processes. By combining expertise from diverse disciplines and collaborating closely with industry leaders and other stakeholders, the project aims to drive innovation and best practices that will help shape the future of secure medical technologies. Ultimately, this initiative has the potential to significantly enhance patient safety, support the commercialisation of secure medical devices, and drive progress in the field of medical technology cybersecurity.
About the author
Neil Reeves is Professor of Secure Health Technologies based in the Medical School at Lancaster University. His research is focussed on digital health technologies and cyber security.