
Managing the Escalating Risks of Medical Device Cybersecurity

The risk of cybersecurity attacks on medical devices is increasing. Device settings can be hacked and altered, and medicine levels can be increased or decreased. The risk of patient harm is significant if these types of vulnerabilities are not addressed.

Anxiety over possible breaches of device systems is understandably growing. Not only are individuals at risk, but any medical device connected to a network, either through Wi-Fi or the internet, is vulnerable to theft of personal information as well as protected health information.

The U.S. Food and Drug Administration (FDA) has issued safety communications to patients and healthcare providers about several devices:

  • Insulin pumps
  • Implantable cardiac devices
  • Clinic programmers
  • Home monitors.

These devices are vulnerable to cybersecurity breaches due to a wireless telemetry protocol that does not use authentication, encryption or authorization. These types of security measures could help prevent unauthorized access.

Manufacturers of medical devices need to be cautious about cybersecurity and their products. The FDA has recommended that medical device companies monitor cybersecurity vulnerabilities, be transparent about potential threats and let patients and the medical community know what is being done to address cyber threats.

According to a cybersecurity survey conducted by HIMSS in 2018, 84 percent of healthcare organizations are increasing their budgets to address cyber threats. More than 75 percent of the organizations surveyed had experienced a threat in the past year. Of the 75 percent that had experienced a cyberattack, 62 percent indicated the attack had come through phishing email.

In January 2019, the National Healthcare and Public Health Sector released a Medical Device and Health IT Joint Security Plan. The plan was developed to help medical device stakeholders address cybersecurity risks. The following key statistics were motivators for researching and developing the plan:

  • 78 percent of healthcare institutions report they have been targeted for some form of cyberattack
  • Security breaches cost the healthcare industry $5.5 billion every year.

There are several factors impacting the growth of medical device cybersecurity challenges.

  • A lack of qualified medical IT security professionals
  • A growing number of connected medical devices (the FDA reported a 62 percent increase over the last 5 years)
  • An increase in information databases that are connected through the internet and internal provider networks (i.e. patient portals)
  • Pharma and biotech companies increasingly store valuable data
  • The launch of 5G networks in the medical industry is driving technology to instantly connect medical devices, allowing for capture and monitoring of data on connected devices as well as increased remote health monitoring and telemedicine
  • An increase in the sophistication of malware and the ability of medical devices and networks to be hacked

In order to protect patients and medical institutions, the National Institute of Standards and Technology (NIST) has developed a framework to help medical personnel better understand the exposure to cybersecurity risk. The following steps should be implemented by healthcare institutions:

  1. Educate personnel on how to recognize cybersecurity risks at a systemic level
  2. Enact safeguards to protect critical healthcare infrastructure
  3. Implement activities to help healthcare personnel identify cybersecurity events
  4. Develop plans to prepare facilities for cyberattacks and understand how to restore devices or networks that have been compromised.

Cybersecurity is a critical issue for the medical industry. Researchers have demonstrated that it is possible to hack into medical devices and potentially cause patients harm. While this type of cyberattack has not been documented to date, it could theoretically occur. The increased use of technology in healthcare certainly has the potential to improve the quality of patient care. However, it is vital that medical device manufacturers and healthcare providers learn how to protect patients from cybersecurity breaches to keep them out of harm’s way.
