The risk of cybersecurity attacks on medical devices is increasing. Medical device settings can be hacked and altered as well as medicine levels increased or decreased. The risk of patient harm is significant if these types of vulnerabilities are not addressed.
Anxiety over possible breaches of device systems is understandably growing. Not only are individuals at risk, but any medical device connected to a network, either through, Wi-Fi or the internet, is vulnerable to theft of personal information as well as protected health information.
The U.S. Food and Drug Administration (FDA) has issued safety communications to patients and healthcare providers about several devices:
These devices are vulnerable to cybersecurity breaches due to a wireless telemetry protocol that does not use authentication, encryption or authorization. These types of security measures could help prevent unauthorized access.
Manufacturers of medical devices need to be cautious about cybersecurity and their products. The FDA has recommended that medical device companies should monitor cybersecurity vulnerabilities, be transparent about potential threats and let patients and the medical community know what is being done to address cyber threats.
According to a cybersecurity survey conducted by HIMSS in 2018, 84 percent of healthcare organizations are increasing their budgets to address cyber threats. More than 75 percent of the organizations surveyed had experienced a threat in the past year. Of the 75 percent that had experienced a cyberattack, 62 percent indicated the attack had come through phishing email.
In January 2019, the National Healthcare and Public Health Sector released a Medical Device and Health IT Joint Security Plan. The plan was developed to help medical device stakeholders address cybersecurity risks. The following key statistics were motivators for researching and developing the plan:
There are several factors impacting the growth of medical device cybersecurity challenges.
In order to protect patients and medical institutions, the National Institute of Standards and Technology (NIST) has developed a framework to help medical personnel better understand the exposure to cybersecurity risk. The following steps should be implemented by healthcare institutions:
Cybersecurity is a critical issue for the medical industry. Researchers have demonstrated that it is possible to hack into medical devices and potentially cause patients harm. While this type of cyberattack has not been documented to date, it could theoretically occur. The increased use of technology in healthcare certainly has the potential to improve the quality of patient care. However, it is vital that medical device manufacturers and healthcare providers learn how to protect patients from cybersecurity breaches to keep them out of harm’s way.
For more information on mitigating your cybersecurity risks and cybersecurity insurance, contact us here.