Wearables used as connected medical devices (CMDs) enable 24/7, non-invasive monitoring of key aspects of mental health. Sentio Labs has introduced the Feel Monitor, a proprietary, multi-sensor wrist-worn device that provides continuous and unobtrusive monitoring of changes in the activation of the Autonomic Nervous System (ANS). The end-to-end Feel Digital Precision Medicine Platform uses this data to extract a series of mental health metrics that are utilized in various steps of the patient care process: diagnosis, patient management and treatment.
Connected Medical Devices: key challenges
Connected medical devices like the Feel Monitor have to protect sensitive private health info (PHI). This comes with a range of challenges:
Data integrity: Any deviation in the data transmitted by the Feel Monitor might render the respective data package either useless or highly inaccurate, potentially leading to incorrect medical decisions.
Privacy: The highly sensitive nature of the collected personal health data necessitates the privacy-preserving nature of the transmission during the entire data journey (i.e., sensor, mobile, cloud processing infrastructure)
Secure Firmware updates: Protection against vulnerabilities and exploits.
Authentication of user and components: The manufacturing and the components of the sensor followed specific procedures and standards, thus there should be verifiable evidence that specific types of modules with specific properties are present in the device; furthermore, since all data-processing machine-learning based models are personalized and the extracted metrics and decisions inform health-related decisions, the system at any time should be able to reliably recognize, at any time, the individual who uses the sensor.
The ENTRUST approach on Holistic Security
The ENTRUST approach provides a framework for ensuring runtime operational assurance of CMDs and their networks. ENTRUST emphasizes end-to-end security in three core phases of a product lifecycle:
Design Phase: Manufacturers identify medical and user requirements, align with regulatory standards, and incorporate cybersecurity measures from the outset.
Pre-Deployment Phase: Organizations assess site-specific capabilities, ensure regulatory compliance, and securely integrate CMDs within their infrastructure.
Runtime Phase: Continuous monitoring and remote attestation validate device integrity, mitigating risks in real-time.
This systematic approach is being validated in various use cases, including the Sentio Labs wearable mental health device.
ENTRUST Security Measures: opportunities to enhance the Feel Monitor and Digital Precision Medicine Platform
The following ENTRUST security measures will be integrated and tested in the Feel Monitor and the Feel Digital Precision Medicine Platform in order to enhance the existing security and privacy mechanisms and further strengthen the confidentiality, integrity, and authenticity of patient data:
Dynamic attestation: Advanced attestation processes that can identify vulnerabilities at runtime.
Corrective measures after failed attestation: Mechanisms that can be quickly applied after a failed attestation to restore the trust level of the system, for example verified, secure firmware updates.
Misbehaviour detection: Advanced methods that use digital twins and AI to detect misbehaviour, e.g. in the transmission of data.
Multi-Stakeholder trust level calculation: Calculation of trust level from multiple trust sources, fostering transparency and trust among users and healthcare providers.
Conclusion: Pioneering Trust and Safety in Connected Healthcare
As CMDs like those developed by Sentio Labs continue to redefine healthcare delivery, ensuring security and privacy is of critical importance. ENTRUST addresses key challenges in the path of improving patient outcomes with cutting-edge devices and capabilities while preserving the integrity and confidentiality of sensitive health data, leading to more innovation and reliability in connected healthcare.