Four Ways to Reduce Risk When Developing Software for Medical Devices

By Michael Chalupa

Field Application Engineer

QNX Software Systems

August 20, 2020



As medical devices become more complex, the need to ensure their security grows exponentially.

In 2016, a major device manufacturer paid a $43M settlement for infusion pumps malfunctioning due to software problems. While this and other recalls should have alerted the development community to the critical importance of the software in the safe and secure design of medical devices, software still represents the number one cause of medical device failure, according to Stericycle.

It doesn’t have to be that way. Medical device companies can reduce risk and their liability by using an operating system and other software components that are IEC 62304-compliant. Adopting a microkernel OS architecture lets you intrinsically separate the safety-critical from non-critical functions and helps you manage sensor input more easily. By following the fundamentals outlined below from design through to production and commercialization, medical device OEMs provide safer, more secure devices and reduce risk.

Nail down your processes

IEC 62304, an international functional safety standard for medical devices, outlines a process-based, best-practice lifecycle approach for the design and maintenance of safe medical devices. The standard provides guidance on hazard and risk analysis, decommissioning requirements and how to address software of unknown provenance (SOUP).

By leveraging pre-certified OS and software components in your device, you can use the body of evidence in your safety certification process, saving time and money in development. Your team can focus on verification and compliance of your medical application. The OS compliance is already taken care of.

Isolation avoids “infection”

Like social distancing, isolation helps control risk and protects software components from any unintended interference (including bugs or failures) from other software components. Segregation can be approached in three ways—use of separate processors, adoption of an embedded OS with a microkernel architecture, and implementation of an embedded hypervisor.

Medical devices have also become a popular target for hackers: security breaches doubled in the first six months of 2020 compared to the same period in 2019. Ultimately, security is a never-ending process that requires secure software development and secure communications from the operating system on up the stack. Although there is not yet an approved security standard for medical devices, there are widely accepted best practices, such as the separation of safety-critical and non-critical components. A microkernel OS or embedded hypervisor can help medical device developers reduce security risks by shrinking the attack surface.
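To make the separation principle concrete, here is an added example (not code from the original post or from QNX) of the simplest form of isolation: a supervisor that runs a non-critical task and a safety-critical task in separate POSIX processes, so that a fault in the first cannot corrupt the second. The task names, the simulated rendering fault (an internal consistency check that calls `abort()`) and the infusion-rate limits are all hypothetical. A microkernel OS or hypervisor applies the same idea with stronger boundaries, but the mechanism shown here (separate address spaces, a parent that observes how each child ended) is the same one the text relies on.

```c
/* Added example, not code from the original post or from QNX: a minimal
 * supervisor that runs a non-critical task and a safety-critical task in
 * separate POSIX processes. A fault in the non-critical task is contained by
 * the process boundary, so the safety-critical task still completes.
 * All task names and dose limits are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*task_fn)(void);

/* How a task ended once run in its own address space. */
typedef struct {
    int exited;       /* 1 if the task returned normally */
    int exit_code;    /* task's return value when exited == 1 */
    int term_signal;  /* signal that killed the process, else 0 */
} task_result;

/* Run a task in a forked child and report how it ended. The parent is not
 * affected by a crash in the child: that is the isolation the text describes. */
task_result run_isolated(task_fn task) {
    task_result r = {0, -1, 0};
    pid_t pid = fork();
    if (pid < 0) return r;               /* fork failed: report as not exited */
    if (pid == 0) _exit(task() & 0xff);  /* child: run the task, exit with its code */
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return r;
    if (WIFEXITED(status)) { r.exited = 1; r.exit_code = WEXITSTATUS(status); }
    else if (WIFSIGNALED(status)) r.term_signal = WTERMSIG(status);
    return r;
}

/* Hypothetical non-critical UI task: a corrupted frame buffer trips an
 * internal check, which terminates the process (simulated with abort()). */
static int ui_render_task(void) {
    int frame_ok = 0;           /* constructed: the rendering state is bad */
    if (!frame_ok) abort();     /* dies with SIGABRT inside its own process */
    return 0;
}

/* Safety-critical check kept in its own process: is the requested infusion
 * rate within the configured limit? Values are constructed for the example. */
int dose_rate_is_safe(double requested_ml_per_h, double limit_ml_per_h) {
    return requested_ml_per_h >= 0.0 && requested_ml_per_h <= limit_ml_per_h;
}

static int pump_control_task(void) {
    /* returns 0 when the constructed request passes the safety check */
    return dose_rate_is_safe(120.0, 500.0) ? 0 : 2;
}

/* Summary of one supervisor cycle, so the outcome can be checked by a caller. */
typedef struct {
    int ui_killed_by_signal;  /* 1 if the UI task died from a signal */
    int pump_completed;       /* 1 if the pump task exited with code 0 */
} cycle_summary;

cycle_summary supervise_once(void) {
    cycle_summary s = {0, 0};
    task_result ui = run_isolated(ui_render_task);
    task_result pump = run_isolated(pump_control_task);
    s.ui_killed_by_signal = (!ui.exited && ui.term_signal != 0);
    s.pump_completed = (pump.exited && pump.exit_code == 0);
    return s;
}

int main(void) {
    cycle_summary s = supervise_once();
    printf("UI task killed by signal: %d\n", s.ui_killed_by_signal);
    printf("pump task completed:      %d\n", s.pump_completed);
    return s.pump_completed ? 0 : 1;
}
```

If both tasks ran in one process, the `abort()` in the rendering path would take the pump logic down with it; with a process boundary the supervisor sees the UI child die from a signal, can log or restart it, and the pump check still returns its result.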

Make it intuitive

Poorly designed user interfaces can cause performance issues and lead to human error in operating the device, potentially compromising patient safety. User expectations for the graphical user interface are heavily influenced by trends seen in consumer products. Customers want that smartphone experience without recognizing that the medical device may lack the necessary computation power and memory. When systems are well designed, computationally demanding processes such as graphics rendering can be isolated from the rest of the application. This isolation protects the device's real-time processes, enabling developers to more easily provide the intuitive interface users need.

Manage sensor fusion

Medical devices such as defibrillators, infusion pumps and surgical robots often use many sensors. Each sensor adds to the complexity of the device and its software, and together they generate a huge volume of data that the device must process without jeopardizing the life and health of the patient. An effective sensor framework collects this data and maintains reliable, real-time response and decision-making in the face of critical events.

Nowhere is this more relevant than with surgical robots. These robots rely on cameras, and motion and position sensors for the correct positioning of robotic arms. Their use has resulted in better patient outcomes, but their successful deployment absolutely hinges on manufacturers adopting best practices that properly ensure real-time response, high precision, and security alongside the sensor input.
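The following is an added example, not code from the original post or from QNX, of one fusion step for a hypothetical robotic-arm position channel read from three redundant sensors. Each reading is rejected if it is stale (its timestamp is older than a deadline), unreadable, or outside the mechanical range; the surviving readings are then combined by median voting, and the step reports a fault instead of a position when fewer than two readings agree, so the caller can drive the arm to a safe state rather than act on unreliable data. The sensor count, thresholds and sample readings are constructed for the example.

```c
/* Added example, not code from the original post or from QNX: redundant
 * position sensors for a hypothetical robotic arm are checked for staleness
 * and plausibility, then combined by median voting. Thresholds and sample
 * readings are constructed for the example. */
#include <stdint.h>
#include <stdio.h>

#define SENSOR_COUNT 3
#define STALE_AFTER_MS 20          /* a reading older than this missed its deadline */
#define POS_MIN_MM 0.0             /* mechanical travel of the constructed arm axis */
#define POS_MAX_MM 800.0
#define MAX_DISAGREEMENT_MM 2.0    /* tolerated spread between agreeing sensors */

typedef struct {
    double position_mm;
    uint64_t timestamp_ms;         /* time the reading was taken */
} reading;

typedef enum { FUSION_OK = 0, FUSION_DEGRADED = 1, FUSION_FAULT = 2 } fusion_status;

typedef struct {
    fusion_status status;
    double position_mm;            /* fused position; meaningless when status == FUSION_FAULT */
    int valid_count;               /* readings that passed the staleness and range checks */
} fusion_result;

static double dabs(double x) { return x < 0.0 ? -x : x; }

/* Reject readings that are from the future (clock error), too old, NaN, or
 * outside the range the mechanism can physically reach. */
static int reading_is_valid(const reading *r, uint64_t now_ms) {
    if (r->timestamp_ms > now_ms) return 0;
    if (now_ms - r->timestamp_ms > STALE_AFTER_MS) return 0;
    if (r->position_mm != r->position_mm) return 0;          /* NaN check without math.h */
    return r->position_mm >= POS_MIN_MM && r->position_mm <= POS_MAX_MM;
}

static double median3(double a, double b, double c) {
    if ((a >= b && a <= c) || (a <= b && a >= c)) return a;
    if ((b >= a && b <= c) || (b <= a && b >= c)) return b;
    return c;
}

fusion_result fuse_position(const reading sensors[SENSOR_COUNT], uint64_t now_ms) {
    fusion_result out = {FUSION_FAULT, 0.0, 0};
    double valid[SENSOR_COUNT];
    for (int i = 0; i < SENSOR_COUNT; i++)
        if (reading_is_valid(&sensors[i], now_ms))
            valid[out.valid_count++] = sensors[i].position_mm;

    if (out.valid_count == 3) {
        /* median voting: one wild sensor is outvoted but flagged as degraded */
        out.position_mm = median3(valid[0], valid[1], valid[2]);
        int outliers = 0;
        for (int i = 0; i < 3; i++)
            if (dabs(valid[i] - out.position_mm) > MAX_DISAGREEMENT_MM) outliers++;
        out.status = outliers == 0 ? FUSION_OK : (outliers == 1 ? FUSION_DEGRADED : FUSION_FAULT);
    } else if (out.valid_count == 2) {
        /* two readings: usable only if they agree; otherwise neither can be trusted */
        if (dabs(valid[0] - valid[1]) <= MAX_DISAGREEMENT_MM) {
            out.position_mm = (valid[0] + valid[1]) / 2.0;
            out.status = FUSION_DEGRADED;
        }
    }
    /* zero or one valid reading, or unresolved disagreement: status stays FUSION_FAULT */
    return out;
}

int main(void) {
    /* constructed sample: sensor 1 is stale, sensors 0 and 2 agree */
    reading sample[SENSOR_COUNT] = {
        {400.0, 95}, {400.5, 70}, {399.8, 96}
    };
    fusion_result r = fuse_position(sample, 100);
    printf("status=%d valid=%d position=%.2f mm\n", r.status, r.valid_count, r.position_mm);
    return r.status == FUSION_FAULT ? 1 : 0;
}
```

The point of the status enum is that the real-time control loop gets an explicit, cheap-to-check answer every cycle: `FUSION_OK` to proceed, `FUSION_DEGRADED` to proceed and raise a maintenance flag, `FUSION_FAULT` to stop motion. Missing a deadline is treated as a failed sensor rather than silently reusing an old value.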

Register for the webinar

To learn more about this topic, register for BlackBerry QNX’s upcoming webinar: From Prototype to Production: 5 Keys When Developing for Safety and Security in Medical Devices.

Michael Chalupa is part of the Field Applications Engineering group at BlackBerry QNX and provides technical sales support in the North East Region of North America. Michael holds both a Bachelor’s and a Master’s of Science in Computer Engineering, and has over 30 years of experience in both the embedded and Defense industries.


As an Embedded Systems Professional, I have had the pleasure to participate in many different aspects of the business. Currently I am a Field Applications Engineer responsible for technical pre-sales in the North East region of the United States.