IEEE 2933 and Medical Device Cybersecurity

Updated Jan 19, 2025

Healthcare has changed rapidly with the introduction and embrace of technology. One area where this is creating better outcomes for patients is medical devices. As these devices become more sophisticated, their risk exposure rises. Thus, there is a push for and prioritization of medical device cybersecurity. Under the umbrella of proactive measures to ensure security, IEEE 2933 provides a new standard.

The comprehensive framework can resolve weaknesses within interoperability. It’s a critical aspect of medical device cybersecurity and part of the Food and Drug Administration (FDA) guidance around proactive measures.

What Is IEEE 2933?

IEEE 2933 is a security standard for clinical Internet of Things (IoT) data and device interoperability.

The framework follows TIPPSS principles:

  • T — Trust: Establishing reliable, trustworthy device connections
  • I — Identity: Verifying and authenticating users’ identities
  • P — Privacy: Safeguarding sensitive and confidential information from unauthorized access
  • P — Protection: Establishing measures to protect devices from cyber threats
  • S — Safety: Ensuring devices operate safely and pose no risk to patients
  • S — Security: Maintaining the overall security of devices

It applies to wearable medical devices, devices used in care settings, and the applications they interact with, including electronic health records (EHRs).

What’s the Purpose of IEEE 2933?

Why did the industry need IEEE 2933? It’s the culmination of many trends within digital transformation and the need to interconnect devices to share data and merge workflows.

Creating such connections is integral in medical devices, but the introduction of risk can’t be forgotten. In response to alarming reports on clinical IoT cybersecurity, experts in medical devices and cybersecurity from the IEEE and UL partnered to develop the standard. Its kickoff occurred in 2019, with board approval in 2024.

The objective of IEEE 2933 is to ensure that communication between devices and other systems is secure and won’t impact patient safety.

The scope of the standard includes these use cases:

  • Connected monitoring devices, such as a continuous glucose monitor
  • Connected therapy devices, such as an automated insulin delivery system
  • Hospital at-home care
  • Home to hospital care

The guidelines address how to enable devices to interact securely across a healthcare system. Their implementation can minimize cyber threats.

The Impact of IEEE 2933 on Medical Device Cybersecurity

With IEEE 2933, establishing trust and identity is at the core of how the standard addresses cyber threats. This authorization becomes part of the entire lifecycle of the device, including:

  • Development and manufacturing
  • Lifecycle design
  • Trust within inter-device and cross-system interactions
  • Decentralized environment interactions
  • Device-to-human interaction

The standard also promotes zero-trust architecture.

IEEE 2933 has the potential to strengthen interoperability security. It was a key component in the FDA guidance. As ecosystems become more connected to drive efficiency and accuracy, risk can increase as well.

As a result, standards and controls for interoperability become a focus and a challenge. The FDA recommends their inclusion, but they can sometimes hinder accessibility and usability. Hence, the need for balance.

Interoperability considerations must be part of device development from the start to ensure there are no usability limitations while enhancing security.

Implementing IEEE 2933 Across the Medical Device Landscape

The TIPPSS principles apply to both device manufacturers and providers. Manufacturers can consider this another layer of security to comply with the FDA and elevate cybersecurity efforts. All products should consider TIPPSS and interoperability controls at the start.

For providers, the onus is to use TIPPSS as a guide for protecting patient data and the reliable operation of devices.

As all stakeholders move forward to innovate medical device technology, TIPPSS provides a reliable structure for security and usability.

If you’d like to learn more about applying TIPPSS and improving the cybersecurity of your medical devices, we can help. Contact us today.
