It’s one thing to have your Facebook account hacked – you might unknowingly confuse and/or tick off a few friends – but consider the potentially dire consequences of having all your private medical data stolen, lost, or in some insidious way exposed to the world.
Data security is a huge concern in the medical field, where devices and systems store and communicate information vital to monitoring and sustaining patients’ health. The risk of violation has proven to be widespread, as 477 data security breaches compromising the medical records of about 21 million patients have been reported to the Office for Civil Rights under the U.S. Department of Health and Human Services since 2009.
All medical devices and systems that interoperate inside and outside hospital and clinic ecosystems must be designed with security in mind to prevent unauthorized access, eavesdropping, and session hijacking that could result in irreversible damage such as patient data loss, theft, and breakdown, says Ryan Phillips, database lead engineer at ITTIA.
“Data management security is a fundamental expectation of applications developed for medical devices, as data must be protected both at rest on the device and during communication,” Phillips says. “But who bears responsibility for data security? All components of a device must employ a security-conscious design, from the application and embedded database down to the hardware.”
On the hardware side, embedded designers can make their devices more secure by integrating 3rd-generation Intel® Core™ processors. Besides offering faster performance and greater power efficiency than previous-generation processors, the Ivy Bridge architecture supports Intel® Trusted Execution Technology (Intel® TXT), which protects IT infrastructures from malware by validating the behavior of key components within a server, PC, or medical computing device at start-up. Ivy Bridge further boosts security by providing Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) to accelerate data encryption and Intel® Secure Key to generate high-quality keys for cryptographic protocols.
An embedded database likewise demands the integration of authentication and encryption technologies such as AES, Salted Challenge Response Authentication Mechanism (SCRAM), and Secure Sockets Layer/Transport Layer Security (SSL/TLS) to secure data storage and distribution, Phillips says. To enable medical devices to store and access information intelligently and securely, an embedded database must meet important technical criteria, including:
- Reliable storage that recovers from errors and unexpected power failure
- Adherence to standard interfaces for compatibility with existing systems
- Data distribution features such as replication and synchronization with back-end Relational Database Management Systems (RDBMSs)
- Rigorous testing to ensure that data is protected in all circumstances
- Fast performance for insert, update, search, and sort operations
- Low memory footprint
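To make the SCRAM mention above concrete, the following added example (not code from ITTIA or the original article) works through the SCRAM-SHA-256 proof computation defined in RFC 5802 and RFC 7677. The user name, passphrase, nonces and salt are constructed sample values, and `demo` is a hypothetical helper.

```python
import base64, hashlib, hmac

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _salted(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def enroll(password, salt, iterations):
    """Server, at account creation: keep derived keys only, never the password."""
    salted = _salted(password, salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha256(client_key).digest(),
            # server_key lets the server prove itself to the client in the last message
            "server_key": _hmac(salted, b"Server Key")}

def auth_message(user, client_nonce, server_nonce, salt, iterations):
    """The transcript both sides sign; it binds the proof to this session's nonces."""
    nonce = client_nonce + server_nonce
    return ",".join([
        f"n={user},r={client_nonce}",                                      # client-first-bare
        f"r={nonce},s={base64.b64encode(salt).decode()},i={iterations}",   # server-first
        f"c=biws,r={nonce}",                                 # client-final without the proof
    ]).encode()

def client_proof(password, salt, iterations, message):
    """Client: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key = _hmac(_salted(password, salt, iterations), b"Client Key")
    signature = _hmac(hashlib.sha256(client_key).digest(), message)
    return bytes(a ^ b for a, b in zip(client_key, signature))

def server_verify(record, message, proof):
    """Server: undo the XOR and check that the result hashes to StoredKey."""
    signature = _hmac(record["stored_key"], message)
    candidate = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha256(candidate).digest(), record["stored_key"])

def demo():
    salt, rounds = bytes(range(16)), 4096  # constructed values; a real salt is random
    record = enroll("constructed-passphrase", salt, rounds)
    msg = auth_message("monitor-01", "cnonceA", "snonceB", salt, rounds)
    proof = client_proof("constructed-passphrase", salt, rounds, msg)
    wrong = client_proof("guess", salt, rounds, msg)
    later = auth_message("monitor-01", "cnonceA", "snonceC", salt, rounds)
    # (valid login, wrong password, proof captured earlier and replayed in a new session)
    return (server_verify(record, msg, proof), server_verify(record, msg, wrong),
            server_verify(record, later, proof))
```

The password never crosses the link and is not stored on the server, and a proof captured from one session fails against a fresh server nonce.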
The ITTIA DB SQL embedded relational database (Figure 1) can fulfill these requirements in a distributed data environment such as a hospital by delivering high data availability, replication, synchronization, and other intelligent data management capabilities. With support for both heterogeneous and homogeneous distributed databases, ITTIA DB SQL can share data between devices and communicate with back-end RDBMS products such as Oracle and Microsoft SQL Server. ITTIA DB SQL protects this data with Atomic, Consistent, Isolated, and Durable (ACID) transactions and stores it securely on a device with AES encryption.
“When combined with the Trusted Platform Module (TPM) key-generation feature and the AES-NI instructions of Intel® TXT, the ACID transactions ensure that data cannot be tampered with or stolen from the device,” Phillips says. “And because many medical devices run without a monitor and keyboard, Intel® Active Management Technology (Intel® AMT) makes it possible to install security updates and administer the device remotely.”
In addition to protecting data with encryption technologies, an embedded database must order writes to storage media to recover from unexpected power loss, a common problem with medical devices that are battery-powered. ITTIA DB SQL performs automatic recovery whenever a database is opened and relies on hardware to write changes to the database in a specific order. If the hardware can write each block of data atomically, the database can save data more efficiently.
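The write ordering and recovery-on-open described above can be illustrated with a generic append-only journal. This is an added example of the general technique, not ITTIA DB SQL's implementation; the record layout, the `crash_after` test hook and the sample payloads are assumptions made for the demonstration.

```python
import os, struct, tempfile, zlib

HEADER = struct.Struct("<II")  # payload length, CRC32 of payload

def append_record(path, payload, crash_after=None):
    """Append one record and force it to stable storage before returning.
    crash_after (hypothetical test hook) cuts the write short to mimic power loss."""
    frame = HEADER.pack(len(payload), zlib.crc32(payload)) + payload
    if crash_after is not None:
        frame = frame[:crash_after]
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    try:
        os.write(fd, frame)
        os.fsync(fd)  # ordering point: durable before the caller acts on the record
    finally:
        os.close(fd)

def recover(path):
    """Run on every open: return the intact records and cut off any torn tail."""
    with open(path, "rb") as f:
        data = f.read()
    records, good_end = [], 0
    while good_end + HEADER.size <= len(data):
        length, crc = HEADER.unpack_from(data, good_end)
        start = good_end + HEADER.size
        payload = data[start:start + length]
        if len(payload) < length or zlib.crc32(payload) != crc:
            break  # incomplete or damaged record: nothing after it is trusted
        records.append(payload)
        good_end = start + length
    if good_end < len(data):
        with open(path, "r+b") as f:
            f.truncate(good_end)  # later appends must start on a record boundary
            f.flush()
            os.fsync(f.fileno())
    return records

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "journal.bin")
        append_record(path, b"hr=72")                    # constructed sample readings
        append_record(path, b"hr=75")
        append_record(path, b"hr=190", crash_after=10)   # power fails mid-write
        after_crash = recover(path)
        append_record(path, b"hr=74")
        return after_crash, recover(path)
```

A CRC32 only detects torn or accidentally damaged records; detecting deliberate modification requires a keyed MAC or authenticated encryption over each record.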
When the ITTIA DB SQL database is shared among multiple tasks, special processor instructions are used to protect internal data structures from race conditions that could corrupt memory or crash the application. Using atomic increment, compare, and exchange instructions, the database software can efficiently serve multiple threads and processor cores.
Besides these security features, ITTIA DB SQL offers other data management capabilities that are particularly useful in medical applications:
- Provides a consistent architecture for persistent data storage, making it easy to add new features and migrate application code to a new environment
- Enables scaling throughout the entire life cycle of an application
- Allows data to be saved reliably in a format that is easily shared with a back-end server
- Reduces total cost of ownership and provides shorter time to market by enabling developers to focus on core application development
Data management is just one aspect that must be considered when determining how to secure embedded systems used in the medical field. Read this white paper to discover a layered security approach that enforces security policy from the CPU to the application software, and download this recorded webinar to learn five ways developers can secure a distributed system without compromising real-time performance.
To learn more about delivering quality health care with secure devices, see intel.com/go/embedded-medical.
For more on securing connected devices, see intel.com/go/embedded-security.
OpenSystems Media®, by special arrangement with Intel® Intelligent Systems Alliance
ITTIA is a General member of the Intel® Intelligent Systems Alliance.