With the threat of Russian Hackers, WikiLeaks, and large companies being cyber-attacked almost weekly, cybersecurity is certainly a hot topic these days, and the medical device industry adds even more complexity to this challenging issue.
Medical device cybersecurity is an ongoing and major concern for manufacturers of medical devices, healthcare providers, the FDA and patients. There are extraordinary benefits for healthcare facilities to use mobile and networked technology to offer enhanced, real-time patient care; however, with any remote or Internet-connected device, the possibility of hacking, unauthorized access, viruses and even terrorism is a real and present threat and one the medical community is extremely focused on right now.
A major issue with medical technology is that the infrastructure of the devices themselves as well as the networked systems they are connected to, are immature and more vulnerable to attacks. Historically, medical device hardware and software has been less sophisticated without any built-in security or monitoring features. This is an area ripe for immediate improvement.
Deloitte recently interviewed healthcare leaders from nine organizations and compiled a report of their findings regarding privacy, patient safety and cybersecurity and what these organizations are doing to address these concerns.
There is tremendous pressure on the medical community to develop and strategize new approaches to protecting the privacy and safety of patient data. Symantec published an interesting white paper discussing this issue, which offers a viable strategy for enhanced security and risk management.
With so much attention being focused on cybersecurity for the medical industry, in late December, the FDA published their cybersecurity guidelines. They stress that the significant threat of cyber attack on medical devices demands that cybersecurity be addressed as a lifecycle approach, beginning with device design and ongoing security monitoring throughout the life span of the device. One key point made by Suzanne B. Schwartz, M.D., M.B.A., FDA’s Associate Director for Science and Strategic Partnerships, was that it may be impossible to prevent intrusion therefore more focus should be on monitoring device access as well as risk and disaster management.
Complicating the compliance issue is that cybersecurity is an ever-evolving problem due to rapidly changing technology, more sophisticated hackers becoming proficient at accessing secure systems, and more and more healthcare data being connected to networks.
The benefits of using networked medical technology are significant, however the risks, including patient exposure, health quality and even death are just as real. Hopefully in the near future we will see improved security measures implemented to not only keep up with that threat, but to surpass it with readiness, protection and monitoring.