Serious data breaches at some of the world’s most powerful companies have shaken both professionals and customers to their core. Some of those hacks have targeted hospitals and the incredible amount of personal data.
Now, the United States Food and Drug Administration (FDA) has joined forces with the MITRE Corporation. To help organizations avoid and prepare for a device breach.
In the past, when data and sensitive information were kept in paper documents. A global hack of information was essentially impossible. Now, as all industries start to depend more and more on online servers. Massive and catastrophic hacks are no longer a thing of science fiction imagination.
Cybercriminals are now able to inflict mass harm across global networks using simple tools such as email and malware. Already, cybercriminals have impacted institutions in the financial, entertainment, health and government sectors.
While medical devices have not yet been deliberately targeted. Many of these links are directly connected to a hospital’s larger network that are much more vulnerable to attack. This makes the information that major medical devices hold vulnerable as well. When it comes to medical devices, it is not only the information that is at risk. But in fact, the very lives of those who use and depend on the devices.
In Oct. 2018, FDA commissioner Scott Gottlieb admitted that “the risk of such an attack persists.”
So what is the level of risk, and what can companies do to negate it?
How high is the Medical Technology risk?
As is the case with all major industries, cybersecurity experts have been assigned to analyze the level of risk related to a security breach of medical device cybersecurity.
Cybersecurity experts are known within the industry as ‘white hat hackers’ has revealed a number of security concerns. With medical devices in areas of both clinical and research-oriented work. They also agreed that it is not a matter. But when a criminal hack involving these types of products is attempted.
In fact, a number of devices have already been recalled by the FDA as a result of finding weak points in their security. Abbott’s RF-enabled implantable cardioverter defibrillators (ICDs) and cardiac resynchronization therapy defibrillators (CRT-Ds) were both recalled. It was discovered that hackers would be able to access the devices and rapidly deplete their battery stores or issue improper cardiac pacing commands.
That type of incident taking place could quite literally put peoples’ lives at serious risk. Those are not the only two devices that were found to be vulnerable to attacks. A research group at Israel’s Ben-Gurion University of the Negev was able to demonstrate that CT scanners. With outdated software was vulnerable to an attack that would allow adjustments of applied radiation to levels harmful for human wellbeing.
While the study did admit that the ability to control such medical devices might be limited. There is no doubt that even the risk was serious enough to cause concern within the medical industry.
Last year, the FDA launched a cybersecurity playbook with the MITRE Corporation. In order to help promote cybersecurity safety for healthcare providers and professionals.
The idea behind ‘playbook’ is that it will encourage a positive and practical launch pad for companies. To focus on the overall cybersecurity of the healthcare industry as a whole.
Identifying future challenges
Even though the aforementioned ‘playbook’ is a fantastic way to improve the safety and security of the healthcare industry. Still, this alone is not expected to magically solve the threat of future cyberattacks in the healthcare industry.
As the healthcare industry is deeply interconnected. It is crucial for professionals and regulators on all sides to ensure that devices are specifically designed. From the ground up to be as resistant as possible to external attacks.
The seemingly good news is that with the ‘playbook’ in place. The hopes is technology continues to advance in the field of healthcare technology. An emphasis on constant vigilance will help as new the new technology leads to new. Yet unfounded avenues for cybersecurity criminals to try to hack their way in.
While there is certainly a risk that this stringent approach will lead to a cooling off of statistical advancements. Stagnation in development and progress.
Going forward, it is quite likely that the FDA itself should implement more proactive approaches. To ensure that safety is a top priority. Cybersecurity testing on approved devices could become a thing of the norm.
If regulatory bodies such as the FDA continue to develop new ways to maintain security within the industry. Ultimately, what matters most is the security of the devices that are used and the safety of the people who use them. As long as the medical community agrees with that fact, people have little to worry about.