Security Requirements and Recommendations
This section explains the minimum IT security requirements and recommendations for integrating with our medical device, with specific focus on protecting sensitive medical data and ensuring secure API communications.
The device processes images and returns clinical analysis through secure REST API endpoints. To ensure safe and secure operation, your healthcare organization must meet specific security requirements that protect patient data and maintain system integrity.
The device's security model includes:
- JWT-based authentication with time-limited access tokens
- HTTPS-encrypted communications for all API endpoints
- Base64-encoded image transmission with secure processing
- FHIR-compliant output following healthcare data standards
While these requirements are fundamental to healthcare IT systems, reviewing this document ensures your infrastructure is properly configured for secure medical device integration. Adhering to these specifications prevents unauthorized access, data breaches, and other cyber threats while maintaining the confidentiality and integrity of sensitive health information.
The requirements and recommendations outlined here align with the latest standards and guidelines from the Medical Device Coordination Group (MDCG) and the Medical Device Regulation (MDR), specifically addressing the cybersecurity needs of Class IIb medical device software.
Core Security Requirements
Network Security and API Communication
HTTPS/TLS Encryption
- All communications with the device must use HTTPS with TLS 1.2 or higher
- Verify TLS certificate validity and implement certificate pinning where possible
- Ensure your systems reject non-encrypted HTTP connections to device endpoints
- Configure your firewall to allow outbound HTTPS traffic to *.legit.health domains
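The following is an added example of how a client can enforce the three points above in code (it is not code from the device vendor). It builds a TLS client context that refuses anything below TLS 1.2 and keeps CA verification and hostname checking on, rejects any endpoint URL that is not HTTPS under the `legit.health` domain, and compares the peer certificate against a pin set. The hostname `example-host.legit.health` and the function names are assumptions for illustration; the actual endpoint comes from your integration documentation.

```python
import hashlib
import socket
import ssl
from urllib.parse import urlparse

# Domain suffix taken from the firewall requirement above; any concrete hostname
# used with these functions is a placeholder, not an endpoint documented here.
ALLOWED_DOMAIN = "legit.health"


def build_tls_context() -> ssl.SSLContext:
    """Client-side context: TLS 1.2 minimum, CA verification and hostname check on."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname, system CA bundle
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    """Plain-value summary of the settings an auditor (or a test) wants to see."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
    }


def validate_device_url(url: str) -> str:
    """Return the hostname if the URL is HTTPS and under the allowed domain, else raise."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise ValueError(f"refusing {parsed.scheme!r}: device endpoints must be reached over HTTPS")
    host = parsed.hostname or ""
    if host != ALLOWED_DOMAIN and not host.endswith("." + ALLOWED_DOMAIN):
        raise ValueError(f"host {host!r} is outside the allowed domain {ALLOWED_DOMAIN}")
    return host


def is_acceptable_device_url(url: str) -> bool:
    try:
        validate_device_url(url)
        return True
    except ValueError:
        return False


def certificate_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as displayed by most TLS inspection tools."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned: set) -> bool:
    return certificate_fingerprint(der_cert) in pinned


def connect_with_pin(url: str, pinned: set, timeout: float = 10.0) -> str:
    """Open a verified TLS connection and additionally enforce the pin set.

    Returns the negotiated protocol version. This is the one function here that
    needs network access; everything else runs offline.
    """
    host = validate_device_url(url)
    ctx = build_tls_context()
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, pinned):
                raise ssl.SSLCertVerificationError("peer certificate is not in the pin set")
            return tls.version()
```

Pinning the leaf certificate's fingerprint, as above, breaks every time the certificate is renewed, so keep both the current and the next fingerprint in the pin set and have a documented update procedure; pinning the issuing CA's public key instead is the more durable option where the certificate chain is stable.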
API Security
- Store API credentials securely using encrypted credential management systems
- Never embed credentials in application code or configuration files
- Implement secure credential rotation policies aligned with your organization's security standards
- Use environment variables or secure vaults for credential storage
Authentication and Access Control
JWT Token Management
- Implement secure storage for JWT access tokens (avoid browser localStorage for sensitive tokens)
- Handle token expiration gracefully with automatic renewal mechanisms
- Log authentication failures and monitor for suspicious login attempts
- Configure appropriate session timeouts based on your security policies
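As an added example covering the credential-storage points above and the token-management points in this subsection (this is illustrative code, not the vendor's client library), the block below reads API credentials only from the environment and refuses to start without them, keeps the JWT access token in process memory only, reads the `exp` claim to schedule renewal ahead of expiry, and logs authentication failures without ever including a credential or token in the log line. The environment variable names, the renewal margin and the `TokenManager` class are assumptions; the placeholder token builder exists only so the example runs offline.

```python
import base64
import json
import logging
import os
import time
from typing import Callable, Optional

log = logging.getLogger("device_auth")

# Variable names are assumptions for this example; use whatever your vault or
# deployment tooling injects. The point is that the code never contains the values.
USER_VAR = "DEVICE_API_USER"
PASSWORD_VAR = "DEVICE_API_PASSWORD"


def load_api_credentials(env=None) -> tuple:
    """Read credentials from the environment; refuse to start without them."""
    env = os.environ if env is None else env
    user, password = env.get(USER_VAR), env.get(PASSWORD_VAR)
    if not user or not password:
        raise RuntimeError(f"{USER_VAR}/{PASSWORD_VAR} not set; there is no fallback in code")
    return user, password


def jwt_expiry(token: str) -> int:
    """Read the exp claim. The signature is the server's to verify; the client only
    needs exp to know when to renew, so no key material is required here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token does not have three dot-separated parts")
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)
    payload = json.loads(base64.urlsafe_b64decode(payload_b64))
    return int(payload["exp"])


class TokenManager:
    """Keeps the current access token in process memory and renews it shortly
    before it expires. Nothing is written to disk or to browser storage."""

    def __init__(self, fetch_token: Callable[[], str], renew_margin_s: int = 60,
                 now: Callable[[], float] = time.time):
        self._fetch = fetch_token      # performs the authenticated login call
        self._margin = renew_margin_s
        self._now = now                # injectable clock, so the schedule can be tested
        self._token: Optional[str] = None
        self._exp = 0
        self.fetch_count = 0

    def get(self) -> str:
        if self._token is None or self._now() >= self._exp - self._margin:
            self._renew()
        return self._token

    def _renew(self) -> None:
        try:
            token = self._fetch()
        except Exception as exc:
            # Failure is logged for monitoring; the message carries no credential or token.
            log.warning("device authentication failed: %s", type(exc).__name__)
            raise
        self.fetch_count += 1
        self._token = token
        self._exp = jwt_expiry(token)
        log.info("device token renewed; valid for %d s", self._exp - int(self._now()))


def make_placeholder_jwt(exp: int) -> str:
    """Constructed token shaped like a JWT, for the offline demo only; the signature
    part is a placeholder. Real tokens come from the device's authentication endpoint."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc({'exp': exp})}.placeholder-signature"


def renewal_demo() -> list:
    """Drive the manager with a fake clock; returns fetch_count after each step."""
    clock = [900]
    tm = TokenManager(lambda: make_placeholder_jwt(clock[0] + 300),
                      renew_margin_s=60, now=lambda: clock[0])
    counts = []
    tm.get(); counts.append(tm.fetch_count)                    # first use: fetch, exp = 1200
    clock[0] = 1000; tm.get(); counts.append(tm.fetch_count)   # 1000 < 1140: token reused
    clock[0] = 1150; tm.get(); counts.append(tm.fetch_count)   # 1150 >= 1140: renewed early
    return counts
```

The renewal margin should exceed the longest request you expect to make with the token, otherwise a call can start with a token that expires mid-flight; the manager renews before expiry so the caller never has to handle a 401 on that account alone.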
Access Control
- Limit API access to authorized healthcare personnel only
- Implement role-based access control aligned with clinical responsibilities
- Regularly audit user access permissions and remove unused accounts
- Use strong, unique credentials for each integration point
Medical Data Protection
Image Data Security
- Encrypt medical images both in transit (via HTTPS) and at rest in your systems
- Implement secure image upload mechanisms with proper validation
- Ensure Base64-encoded images are handled securely without logging sensitive content
- Establish retention policies for medical images in compliance with local healthcare regulations
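The third bullet above (no sensitive content in logs) is easy to state and easy to violate by accident, for instance when a request body is logged on error. The following added example (not the vendor's code) is a `logging` filter that masks long standard-base64 runs, which is what an encoded image looks like, and JWT-shaped strings before a record is emitted. The 128-character threshold, the filter name and the constructed sample image are assumptions.

```python
import base64
import logging
import re

# Long standard-base64 runs (an encoded image is thousands of characters) and
# JWT-shaped strings are masked before a record reaches any handler.
_BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{128,}={0,2}")
_JWT = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def redact(text: str) -> str:
    text = _JWT.sub("[REDACTED_JWT]", text)
    return _BASE64_RUN.sub("[REDACTED_BASE64]", text)


class SensitivePayloadFilter(logging.Filter):
    """Formats the message first, so %-style arguments are covered, then masks payloads."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def format_through_filter(msg: str, *args) -> str:
    """Run one message through the filter and return what a handler would emit."""
    record = logging.LogRecord("device_integration", logging.INFO, "sample.py", 0, msg, args, None)
    SensitivePayloadFilter().filter(record)
    return record.getMessage()


def make_logger(name: str = "device_integration") -> logging.Logger:
    """Attach the filter to the handler, not the logger, so records from child
    loggers and third-party HTTP libraries are covered too."""
    logger = logging.getLogger(name)
    if not logger.handlers:
        handler = logging.StreamHandler()
        handler.addFilter(SensitivePayloadFilter())
        logger.addHandler(handler)
    return logger


# Constructed sample: a fake 260-byte "image" encoded the way an upload would be.
SAMPLE_IMAGE_B64 = base64.b64encode(b"\x89PNG" + bytes(range(256))).decode()
```

Masking by length is deliberately conservative: any alphanumeric run of 128 characters or more (a SHA-512 hex digest, for example) is also masked, which is the right trade-off when the alternative is a medical image in a log file. A filter is a second line of defence; the first is not passing request bodies to the logger at all.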
FHIR Data Handling
- Process and store FHIR DiagnosticReport responses securely
- Implement proper data classification for clinical analysis results
- Ensure diagnostic reports are accessible only to authorized healthcare personnel
- Maintain audit trails for all medical data access and modifications
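The added example below (illustrative, not the vendor's code) ties together the role-based access control from the Access Control subsection and the last two bullets here: every read of a DiagnosticReport is gated by the caller's role, and both permitted and denied attempts are written to an audit trail that records identifiers and outcomes but never report content. Each audit entry carries the SHA-256 of the previous entry, so editing or deleting an earlier entry is detectable, which also serves the "protected from tampering" requirement in the monitoring section. The role names, permission names and the minimal sample resource are assumptions; the device's actual DiagnosticReport content is not reproduced.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Callable

# Role names and permissions are assumptions for this example; map them to the
# clinical responsibilities defined in your organisation.
ROLE_PERMISSIONS = {
    "clinician": {"read_report"},
    "nurse": {"read_report"},
    "it_support": set(),        # infrastructure role: no access to clinical results
}


@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str


class AuditTrail:
    """Append-only list of access events. Each entry embeds the SHA-256 of the
    previous entry, so a modified or removed entry fails verification.
    Entries hold identifiers and outcomes only, never report content."""

    def __init__(self, now: Callable[[], int]):
        self._now = now          # injectable clock for deterministic tests
        self.entries = []

    @staticmethod
    def _digest(prev_hash: str, entry: dict) -> str:
        body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev_hash + body).encode()).hexdigest()

    def record(self, principal: Principal, action: str, resource_id: str, allowed: bool) -> None:
        entry = {"ts": self._now(), "user": principal.user_id, "role": principal.role,
                 "action": action, "resource": resource_id, "allowed": allowed}
        prev_hash = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry["hash"] = self._digest(prev_hash, entry)
        self.entries.append(entry)

    def verify(self) -> bool:
        prev_hash = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if self._digest(prev_hash, body) != entry["hash"]:
                return False
            prev_hash = entry["hash"]
        return True


class DiagnosticReportStore:
    """Holds DiagnosticReport resources and gates every read by role, recording
    permitted and denied attempts alike."""

    def __init__(self, audit: AuditTrail):
        self._reports = {}
        self._audit = audit

    def put(self, report: dict) -> None:
        if report.get("resourceType") != "DiagnosticReport":
            raise ValueError("only DiagnosticReport resources are stored here")
        self._reports[report["id"]] = report

    def read(self, principal: Principal, report_id: str) -> dict:
        permitted = "read_report" in ROLE_PERMISSIONS.get(principal.role, set())
        report = self._reports.get(report_id)
        self._audit.record(principal, "read", report_id, permitted and report is not None)
        if not permitted:
            raise PermissionError(f"role {principal.role!r} may not read diagnostic reports")
        if report is None:
            raise KeyError(report_id)
        return report


# Constructed minimal resource for the example; not the device's actual output.
SAMPLE_REPORT = {
    "resourceType": "DiagnosticReport",
    "id": "dr-0001",
    "status": "final",
    "conclusion": "placeholder conclusion text",
}
```

Denied attempts are recorded on purpose: a run of denials from one account is exactly what the monitoring section asks you to be able to see. In production the trail would be written to append-only storage (or shipped to the SIEM) rather than held in a list, but the chaining scheme is the same.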
System Infrastructure Requirements
Operating System Security
OS Selection and Configuration
- Choose operating systems with active security support and regular updates
- Prefer systems commonly used in healthcare environments with established security frameworks
- Configure systems according to healthcare industry security standards (e.g., NIST Cybersecurity Framework)
- Disable unnecessary services and close unused network ports
Hardening and Updates
- Apply security hardening guidelines specific to your operating system
- Follow Center for Internet Security (CIS) benchmarks where applicable
- Implement automated patch management with emergency patching capabilities
- Test security updates in non-production environments before deployment
Access Management and Monitoring
Principle of Least Privilege
- Grant users and systems only the minimum access required for their specific functions
- Implement separate service accounts for device integration with limited, specific permissions
- Regularly review and adjust access permissions based on role changes
- Establish clear procedures for access provisioning and deprovisioning
System Protection
- Deploy and configure firewalls to control network access to integration systems
- Enable built-in security features including access control mechanisms
- Use endpoint protection solutions on systems accessing the medical device
- Implement network segmentation to isolate medical device communications
- Use security-enhanced environments (SELinux, AppArmor, Windows Defender) for additional protection
Monitoring and Auditing
- Set up system logging and monitoring to detect and respond to security incidents or policy violations. Ensure that logs are retained according to the organization’s data retention policy and are protected from tampering.
- Use intrusion detection systems (IDS) or security information and event management (SIEM) systems to analyze logs and alert administrators of suspicious activities.
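As an added example of the kind of detection logic a SIEM rule or a small log-analysis job would run (this is illustrative code, not part of the device or of any vendor tooling), the block below parses constructed authentication log lines and raises two alerts: repeated failures from one source within a time window, and a successful login from a source that had just accumulated that many failures, which is the stronger signal that a credential may have been guessed. The log line format, the threshold of 5 failures in 5 minutes and the alert shapes are assumptions; adapt `LINE_RE` to what your integration service actually writes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log excerpt in a simple key=value format (not real device output).
SAMPLE_LOG = """\
2024-05-01T10:00:01+00:00 auth_failure user=alice src=10.0.0.5 reason=bad_password
2024-05-01T10:00:05+00:00 auth_failure user=alice src=203.0.113.7 reason=bad_password
2024-05-01T10:00:09+00:00 auth_failure user=bob src=203.0.113.7 reason=bad_password
2024-05-01T10:00:14+00:00 auth_failure user=carol src=203.0.113.7 reason=unknown_user
2024-05-01T10:00:20+00:00 auth_success user=alice src=10.0.0.5
2024-05-01T10:00:27+00:00 auth_failure user=dave src=203.0.113.7 reason=bad_password
2024-05-01T10:00:33+00:00 auth_failure user=erin src=203.0.113.7 reason=bad_password
2024-05-01T10:00:40+00:00 auth_failure user=frank src=203.0.113.7 reason=bad_password
2024-05-01T10:01:02+00:00 auth_success user=frank src=203.0.113.7
2024-05-01T10:09:00+00:00 auth_failure user=alice src=10.0.0.5 reason=bad_password
this line is not an authentication event and is ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>auth_failure|auth_success) user=(?P<user>\S+) src=(?P<src>\S+)"
)


def parse_line(line: str):
    m = LINE_RE.match(line)
    if not m:
        return None                         # unrelated log line
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


def detect_suspicious_logins(lines, threshold: int = 5,
                             window: timedelta = timedelta(minutes=5)) -> list:
    """Sliding-window count of failures per source address; one alert per source
    for the burst itself, plus an alert for any success that follows a burst."""
    recent = defaultdict(deque)             # src -> failure timestamps inside the window
    alerted = set()
    alerts = []
    for ev in filter(None, map(parse_line, lines)):
        src, ts = ev["src"], ev["ts"]
        fails = recent[src]
        while fails and ts - fails[0] > window:
            fails.popleft()                 # drop failures that aged out of the window
        if ev["event"] == "auth_failure":
            fails.append(ts)
            if len(fails) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"type": "repeated_auth_failures", "src": src,
                               "count": len(fails), "at": ts.isoformat()})
        elif len(fails) >= threshold:
            alerts.append({"type": "success_after_failures", "src": src,
                           "user": ev["user"], "at": ts.isoformat()})
    return alerts
```

Keying on the source address catches password spraying across many accounts, which a per-user lockout policy alone does not; keying on the user as well (a second `recent` map) catches a slow attack on one account from rotating addresses. The "success after failures" alert is the one to route to an on-call person rather than a dashboard.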
User Account Management
- Enforce strong password policies and consider using password management tools to help users maintain secure passwords.
- Implement account expiration, lockout policies, and regular review of account usage to ensure that credentials are not abused.
Conclusion
As you can see, these recommendations are not specific to the device; they apply to any computer, especially one that is already used to interact with health records. Providing these guidelines may seem to overstep our role as the supplier of a medical device, since they all concern how you configure your own systems.
We aim to help you ensure that your IT infrastructure is adequately prepared to support the safe and effective use of the device, enhancing security while also facilitating optimal performance and reliability.