The use of IoT measurement devices is rapidly increasing across all areas of life — including industry, households, agriculture, and medicine. However, this growing deployment also raises various metrological challenges caused by factors such as device aging, unstable power supply, and environmental influences like vibration, temperature fluctuations, and other external conditions. ¹ Additionally, although to a lesser extent, cybersecurity issues can also impact measurement reliability. Metrology forms the foundation of the entire quality infrastructure. Without reliable measurements, it is impossible to conduct any research — from electronics and mechanics to medicine or management. To ensure product quality, prevent production losses, and avoid physical harm or even death, the calibration of IoT measuring devices (IoTM) must be performed at appropriate intervals, and their suitability for measurement must be continuously verified and validated. Due to calibration a uninterrupted link between the measuring device and the SI system units is formed. However, it is practically impossible to calibrate large number of IoTM devices in laboratories, in this situation, the solution becomes calibration performed onsite. ¹

In this article we will use the terms described in the International Vocabulary of Metrology (VIM). This guidance harmonizes worldwide fundamental terminology and thus allows the science of metrology to improve. In Chapter 5 of the VIM, “Measurement standards (etalons) and metrological traceability”, calibration is defined as an operation performed on a measuring instrument or a measuring system that, under specified conditions establishes a relation between the values with measurement uncertainties provided by measurement standards and corresponding indications with associated measurement uncertainties and uses this information to establish a relation for obtaining a measurement result from an indication. ² Some authors use the concept of calibration incorrectly, for example, calibration is not just adjustment of a measuring system or verification of calibration, which frequently inaccurately called “selfcalibration”. Calibration of devices used in the healthcare sector is a key step in protecting lives, therefore the accuracy, precision, and performance of the devices become extremely important. ³ The global medical equipment calibration services market size was estimated at US$1.7 billion in 2024 and is expected to grow over the next decade to US$4.8 billion by 2034 owing to the rising demand for accuracy and regulatory compliance in medical devices. ⁴

It is important to understand that calibration may be expressed by a statement, calibration function, diagram, curve or table. ² The calibration can be performed directly between the primary measurement standard and the secondary measurement standard or using an intermediate measurement system calibrated by the primary measurement standard, with the measurement result assigned to the secondary measurement standard. ²

All measurement systems, including IoTM devices, must have an unbroken chain of metrological traceability to an international or national measurement standard. Continuous calibration monitoring is extremely important for metrological traceability, as it allows the identification of factors contributing to measurement uncertainty and a more accurate assessment of the conformity of the measurement result to the standard. ² The measurement system, measurement result and calibration interfaces can be depicted in Figure 1 below. This diagram illustrates that data transmission occurs throughout all processes, thereby revealing two key security risks for IoTM devices: the potential for data leakage or intentional modification, and the specific locations where these threats may arise.

To ensure measurement traceability and compliance with quality standards, measuring devices require accredited calibration certificates. Traditionally, these are issued on paper, which complicates the work of technical supervisors, increases logistical costs, extends device downtime, and hinders automation in facilities with numerous instruments.

To address these inefficiencies, the industry is moving toward digital calibration certificates for IoT devices. However, this shift presents not only metrological challenges but also demands robust IT security and a stable data transmission network. This is particularly difficult given the constraint of limited power sources, especially when a device should operate without changing batteries for the minimum 5 years.

The implementation of digital technologies in metrology, as we can see, is a slow process, historically most likely related to the tradition of providing standards and measurement services. The responsibility arising during this process makes even minimal changes slow and consistent, in order to avoid any financial, emotional or health damage. ⁵ National Metrology Institutes (NMIs) have plans to provide secure and traceable Digital Calibration Certificates (DCCs), but this project is still on the hold due lack of reliable, secure and traceable infrastructure, therefore the digitalization process in metrology lags behind progress in other areas and new projects just starting in this area. ⁶ The concept ⁶ of digital calibration certificates was introduced by scientist from National Metrology Institute of Germany within the project Smartcon framework ⁷ in 2018 and continues in the Euramet project “Development of digital calibration certificates” till 2026. The preliminary results of introduction paper free DCC inside IoT measurement systems are described in the article. ⁶ The requirements for DCC calibration infrastructure and certificate structure are described in the sources. ^{7– 9}

In order to transmit digital metrology data over public networks, such as the Internet, security must be ensured, only then will the data not be compromised by various means during transmission, especially by malicious actors on the Internet. ⁵ However, the implementation of DCC in any chosen measurement area to enable calibration as a service for IoTM devices without human intervention (machine-to-machine communication) makes preparation an appropriate secure infrastructure necessary.

The article examines wearable and implanted devices (IMDs) in medicine, aims to determine the impact of Calibration Errors on Medical Device Security and at the end of the analysis, a Standard Operating Procedure for calibration of IoTM will be proposed as a result.

With the growing trend that medicine should be personalized and advancements in microelectronics, materials science, and wireless communication the number of personalized IoT sensors used in the healthcare system is increasing every year. This shows US $33.85 billion global market for health care wearables in 2023 and expected rising trend with US $250 billion market by 2030. ¹⁰ The World Health Organization (WHO) believes with the Global Health Strategy for 2025-2028 6 billion people will enjoy better health and well-being and 7 billion people to be better protected from health emergencies, ¹¹ we believe that medical devices calibration process improvement could also contribute to this plan. Since 2010 WHO organizes Global Forum on Medical Devices, in 2025 June 2-4 were the fifth forum, in which were defined methods for increasing access to essential and priority medical devices were defined, examples of best practices from countries in medical device regulation, evaluation, and governance were shared, and the development and use of innovative, appropriate, and affordable technologies to address global health priorities were demonstrated.

Wearable medical devices are considered to have one or more than one of the four main functions: monitoring, screening, detection and prediction. ¹¹ From general vital signs monitoring to specialized sensors designed to diagnose, monitor symptoms, and treat specific diseases from different body systems - cardiovascular, neurological, psychological, musculoskeletal. ^{12, 13} These sensors are already incorporated in our everyday life. Continuous monitoring data collected through IoT technologies can enhance the knowledge base for decision-making and is inherently different from routine clinical consultations. ¹⁴ However, it also possesses the risk of information overload in the healthcare system. ¹⁵ The cross-sectional study in 2025 showed that female users and with higher income levels have greater likelihood of usage, on other hand data sharing declines drastically with age. ¹⁶

Implantable cardioverter defibrillators, pacemakers, insulin pumps, deep brain stimulators and drug delivery systems are examples of IMDs used for long-term use, i.e. for the treatment of chronic diseases. However, former US Vice President Dick Cheney’s wireless connectivity of heart pacemaker was disabled due to national security concerns, such as the pacemaker’s set by cybercriminals at frequency being incompatible with life. ¹⁷ This applies not only to pacemakers, but also to other devices, such as insulin pumps, which may use similar principles to regulate insulin delivery, increasing medicaments dosage or brainjacking can lead to physical or psychological harm and even to death and experiments conducted by scientists show that this is indeed possible. ^{18– 20}

Therefore, medical devices are subject to strict controls and regulations worldwide. In Europe, any medical device must be certified to ensure its safety, effectiveness and consistent quality level. If all regulatory requirements are met, the device can receive the CE mark in Europe. ²¹ It is important to notice that sensor specificity of current wearable devices can be low, which may lead to over detection of benign nonclinical related signals, resulting in misdiagnosis, unnecessary examinations, and patient anxiety. ²² Accordingly, the calibration process and protection against tampering with the set parameters become extremely important. This could give patients, their relatives and medical staff greater confidence in these devices. Bonan Zhang et al. in a 2025 survey on security and privacy issues in wearable health monitoring devices also noticed a lack of standard communication protocols, which could help manufacturers design new devices not only orienting towards development and design of risk assessment. ²² A good balance between regulation and innovation is necessary, as the constant progress in this field often outpaces regulatory updates, creating a significant gap between the development of wearable and implantable medical devices and the establishment of the necessary regulatory requirements.

In the healthcare sector—whether in hospitals or among medical device manufacturers—patient safety remains the highest priority. To safeguard this principle, strict regulations, standards, and guidelines govern the development, calibration, use, and quality control of medical devices worldwide. Compliance with frameworks such as FDA guidelines requires structured risk management processes, comprehensive documentation, and clearly defined roles and responsibilities. ²³

During data acquisition, risks inevitably arise as a combination of the potential consequences of unwanted events and the likelihood of their occurrence. Currently, no single standardized methodology exists for assessing software security and the risks specific to IoT-based measurement systems. As a result, manufacturers and researchers draw upon various standards and recommendations issued by international organizations such as ISO and WELMEC (European Cooperation in Legal Metrology).

For IoT-related risk assessment, the ISO/IEC 27005:2022 standard provides guidance on managing information security, cybersecurity, and privacy risks. ²⁶ More domain-specific is the WELMEC Guide 7.6 Software Risk Assessment for Measuring Instruments, ²⁴ based on the EU Measuring Instruments Directive (2014/32/EU; MID). This directive defines legal requirements for measuring instruments falling under legal metrology, which manufacturers must meet before placing devices on the market. WELMEC Guide 7.6 further specifies risk classes, baseline requirements for embedded software in measurement instruments, and detailed provisions for long-term data storage and secure transmission of measurement results.

In their survey, Karie et al. identified approximately 80 ISO/IEC security standards, 32 ETSI standards, and 37 conventional security assessment frameworks, including seven NIST special publications on security techniques applicable to IoT-enabled health monitoring environments. ²⁵

Table 1 below summarizes key international and national regulations, standards, and guidelines relevant to medical device calibration, cybersecurity, data integrity, metrology, and traceability. These frameworks form the basis for the Standard Operating Procedure (SOP) for secure calibration processes presented in the final chapter of this work.

These standards precisely describe how calibration laboratories, measurement systems and with them related processes must be done to ensure accuracy, reliability, and security. Medical devices are no exceptions; they must be calibrated following in standards described requirements. As already mentioned, they can be international or national, requirements or quality control tests may vary depending on this. Main European Union regulations are Medical Devices Regulation (MDR) describing how medical devices must be approved for safety and their performance. ²⁶ The MDR also includes part about IT security in medical devices, to ensure data and device performance regulation from unauthorized access. As medical devices development never stops, new measurement methods, their implementation of IoT devices, hardware or software improvement also are necessary and regulations that must be regularly updated.