Medical Device Security: Threats and Solutions

Blog published by CW (Cambridge Wireless), under Healthcare Applications, Internet of Things (IoT)

Why is good UX crucial to cyber security?

The so-called ‘WannaCry’ ransomware campaign that brought parts of the NHS to a standstill earlier this year was a stark reminder that information security is of paramount importance in the healthcare industry.

As ever more medical devices and systems become part of the Internet of Things (IoT), we must ensure that security is considered at the outset of all product development. Such was the key message of ARM’s Hugo Vincent in the opening talk of Cambridge Wireless’s most recent healthcare SIG event concerning security. As Hugo stated, healthcare provides an attractive target for hackers: the information that clinicians and medical practitioners store is of very high value, and it is often held on outdated or poorly maintained digital systems.

Figure 1 - UX is the key to good security (Credit:

Throughout the course of the event, speakers from Arm Ltd, Darktrace, InVMA, KPMG and the NHS described efforts and approaches to tackle theft of patient data and disruption to healthcare services. However, most observed that even with ever more robust encryption, multi-factor authentication and digital certificates, the weakest link would continue to be the humble human being operating the device or providing the service at the point of care.

It would appear that even the best technologists, software engineers and systems architects cannot account for the behaviour of the end user. Except they can, when they consider the user experience (UX) design to be just as important as the underlying technology. If healthcare devices aren’t designed in a user-centred manner, poorly designed interfaces and ergonomics will result in products being avoided, misused, turned off or left open to vulnerability.

Equipment misuse is a serious issue in areas such as drug delivery, where well-meaning relatives or nefarious individuals can tamper with dosage rates, causing patients to receive too much or too little medication. However, authentication technology is often determined by what is cheapest and easiest to implement rather than what would make for the best user experience. The move towards biometrics in mobile phone security has proven that there are better solutions than requiring users to remember long and complex pass phrases and PIN codes.

A number of the speakers described how the ‘arms race’ between the good guys and bad guys of cyber security is leading to the development of AI-based tools such as Darktrace. Historically, anti-malware and security products have relied upon historical data and familiarity with previous attack methods to protect against new ones. However, for new attacks to be effective they have to be novel, and novelty is difficult to predict or characterise. Automated tools are believed by some to be the way forward, blessed with the ability to differentiate ‘normal’ from ‘not normal’ and make appropriate decisions.

Whilst this sounds fantastic, AI systems are not perfect and sometimes a human being is needed to provide a second opinion or adjudicate over different recommended strategies. Therefore, the user experience of the software and the human-computer interaction (HCI) becomes a cornerstone of the success or failure of the system. This leads neatly to an emerging area of AI called XAI or ‘explainable AI’ which was mentioned during the event; in essence, a computer is able to explain its decision-making process to better allow a human to decide whether the right decision has been made. Thus, rather than AI being a ‘black box’ a human and computer can work together to improve efficiency and reduce error.

At Dovetailed we work with companies across many different and varied industries, including healthcare and security. Our user-centred and evidence-based approach enables us to design and implement digital products with exemplary ease of use and efficacy, and to foster positive connections between products and people. Improving usability and minimising user frustration leads to better outcomes for patients, and more robust security for patient data.

Written by Robert Curtis, Principal Designer, Dovetailed
