Wireless Coexistence; Cybersecurity; Cybersecurity Controls - Invacare Linx REM500 User Manual

LiNX® Control System
Bluetooth connections, inherent encryption of the Bluetooth
protocols, and direct indication to a user when a connection
is made.
Due to the nature of the functions using the wireless
technology, there is no requirement for redundancy.
Security risks are addressed by compliance to recognized
standard AAMI-TIR57:2016 - Principles for medical device
security - Risk management (FDA recognition No: 13-83) and
the NIST Framework as appropriate.
The built-in safety features, such as and without limitation,
necessity for the LiNX Access Key to be physically present
when configuring the device, the use of standard Bluetooth
security protocols, single connection at any point in time,
limited range, limited exposure time and the visual indication
of an established connection, minimize the threats and
vulnerabilities from malicious attack.

9.5 Wireless Coexistence

Wireless coexistence testing has been conducted in line with
ANSI C63.27 using the radiated anechoic chamber (RAC)
test method.
The LiNX Access Key has been tested per ISO 7176-21:2009
Clause 5.2.3 at 20 v/m field strength. During testing the
LiNX Access Key disconnected from its paired device when
subjected to a frequency of 2.44 GHz. The function of the
wheelchair was not impacted by the disruption of the LiNX
Access Key wireless communication. If the LiNX Access Key
becomes disconnected from its paired device during use,
remove the wheelchair from the RF field and wirelessly
reconnect the device.
104

9.6 Cybersecurity

The LiNX product range has been designed with cybersecurity
in mind to assure device functionality and safety. The
cybersecurity measures taken address:
• The embedded software,
• The programming and diagnostic tools' software, and
• Bluetooth wireless technology.

9.6.1 Cybersecurity Controls

A number of controls are in place to assure that the LiNX
system software maintains its integrity from the point of
origin to the point at which a system leaves the control of
the manufacturer, and during product use.
These are summarized below:
• Devices leaving the point of origin are equipped with
a tamper evident seal, which allows for the detection
that a product's case has been opened and thus
potentially compromised. The Factory Test Interface is
not accessible without opening the case of any given
module.
• Once the system leaves the point of origin, it can only
have its software upgraded using the Programming
and Diagnostic tools by a healthcare professional or
a service technician with a LiNX Access Key (LAK)
connected to the charging port. Access controls and
licensing is provided through the physical LAK.
• Programming can only occur using either the P&D
tools or via Single Wire Communication interface, both
through the charging port. The embedded system
ensures safe envelopes for programmed parameters.
60101833-A