Solving Edge Cases for Bluetooth Medical Devices: Webinar

Bluetooth Low Energy (BLE) may be a convenient communication protocol, but dropping it into a connected medical device isn’t easy. Depending on the complexity of the device, you could have dozens of “what if?” scenarios that need to be identified, thoroughly tested and mitigated. How do you solve these “gotchas” or edge cases to create a safe, effective and consistent Bluetooth-enabled medical device?

Orthogonal and MedSec hosted a webinar on Wednesday, August 16th, part of our joint Bluetooth Low Energy for Medical Devices Webinar Series. Bernhard Kappe, Orthogonal’s CEO and Founder, shared highlights from Orthogonal’s library of edge cases, built up over 10+ years of developing connected medical devices with BLE. He was joined by Buddy Smith, MedSec’s Director of Technical Consulting, who offered his perspective working with clients on the cybersecurity side of BLE edge cases. The webinar was moderated by Randy Horton, Chief Solutions Officer at Orthogonal.

Video Recording

Key Takeaway Points

1. To identify potential edge cases for your device, analyze your usage scenarios and system workflows with Bluetooth risks in mind. What device interactions do you need to support these workflows? What failure models or risks might arise, and how will you address them to ensure your device works as intended?
2. Take the identified edge cases and compile them into a library to serve as a baseline for future projects. This approach eliminates the need to start from scratch.
3. Testing edge cases involves taking a risk-based approach. Evaluate the frequency of occurrence for each edge case and the severity of harm it brings. Based on that, you can determine how to mitigate the issue. If the issue can’t be fully mitigated, plan to clearly communicate specific errors to the user if they arise.
4. Automate as much testing as possible. Orchestrate a testing harness to run tests across multiple device and hardware combinations. For tests that can’t be automated, you can get creative with testing environments (e.g. using a cookie tin as a Faraday cage or placing implantable devices in a phantom, like a saline solution (see image below)).
5. Monitor your device both in production and post-market. While in production, be sure to capture Bluetooth-related events and application behaviors during testing. Once on the market, you can leverage product analytics tools like Mixpanel to diagnose Bluetooth issues specific to the operating system and smartphone model they come from.
6. Bluetooth might not be the optimal choice for every device. Certain scenarios may be better suited for cellular connection or no connection at all. Bluetooth also adds additional considerations. If you have an app that connects over Bluetooth to device hardware, you need to give patients a compelling reason to use the app to get the most out of it.

Speakers

Bernhard Kappe, CEO and Founder, Orthogonal

Bernhard Kappe is the Founder and CEO of Orthogonal. For over a decade, Bernhard has provided thought leadership and innovation in the fields of Software as a Medical Device (SaMD), Digital Therapeutics (DTx) and connected medical device systems. As a leader in the MedTech industry, Bernhard has a passion for launching successful medical device software that makes a difference for providers and patients, as well as helping companies deliver more from their innovation pipelines. He’s the author of the eBook Agile in an FDA Regulated Environment and a co-author of the AAMI Consensus Report on cloud computing for medical devices. Bernhard was the founder of the Chicago Product Management Association (ChiPMA) and the Chicago Lean Startup Challenge. He earned a Bachelor’s and Masters in Mathematics from the University of Pennsylvania, and a Bachelor’s of Science and Economics from the Wharton School of Business.

Buddy Smith, Director of Technical Consulting, MedSec

Buddy Smith is a security engineer focused on protecting electronic devices from attack. He has an extensive background in firmware development, bringing his passion for embedded development to the security world. In his 15 years of experience, Buddy has worked in cryptography, hardware design, firmware engineering, and information security. In his role at MedSec, he has supported clients with regulatory filings, performed penetration tests of devices and created threat models for systems, from long-lived implantable devices to bedside infusion pumps.

Buddy holds a Bachelor of Science in Computer Engineering from the Georgia Institute of Technology, and is an Offensive Security Certified Professional. He is also an IEEE Senior member.

Moderator

Randy Horton, Chief Solutions Officer, Orthogonal

Randy Horton is Chief Solutions Officer at Orthogonal, a software consulting firm that improves patient outcomes faster by helping MedTech firms accelerate their development pipelines for Software as a Medical Device (SaMD), digital therapeutics (DTx) and connected medical device systems. Orthogonal makes that acceleration happen by fusing modern software engineering and product management tools and techniques (e.g., Agile, Lean Startup, User-Centered Design and Systems Thinking) with the regulated focus on device safety and effectiveness that is at the heart of MedTech.

Horton serves as Co-Chair for AAMI’s Cloud Computing Working Group, as well as AAMI CR:510(2021) and the in-process Technical Information Report #115, all of which address how to safely move medical device computing functions into the cloud. He is a frequent speaker at conferences and webinars, including events hosted by AdvaMed, AAMI, HLTH, RAPS and the Human Factors and Ergonomics Society (HFES).