Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.
In today’s world, if something can be hacked, it most likely will be. Nowhere does this run more of a concern than in the healthcare industry. Medical devices are a new pain point in cybersecurity. Hackers who can gain access to the data connected to medical devices have the opportunity to do massive damage. From meddling with a patient’s insulin dosages to controlling the power of a pacemaker, these types of breaches have the potential to be life-threatening, explained Forbes.
The problem largely stems from the fact that medical equipment was not designed with cybersecurity as a priority. Future medical devices will potentially incorporate more cybersecurity safeguards due to new guidelines set forth by the Food and Drug Administration.
“Medical devices are a new pain point in cybersecurity.”
Designed with cybersecurity in mind
The new measures instruct manufacturers to build cyber security functionalities into all new medical devices. According to a press release by the FDA, the guidelines are a part of an ongoing commitment to ensure the safety of all medical devices against cyber threats. The statement stressed that while building in safeguards for cybersecurity at the beginning of production is important, the continual maintenance of these devices will be even more critical as cyber threats evolve.
“All medical devices that use software and are connected to hospital and health care organizations’ networks have vulnerabilities—some we can proactively protect against, while others require vigilant monitoring and timely remediation,” said acting director of emergency preparedness/operations and medical countermeasures in the FDA’s Center for Devices and Radiological Health Suzanne Schwartz in the statement. “Today’s draft guidance will build on the FDA’s existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”
“One of the best ways to safeguard your business against cyber threats is to get educated”
Increased vulnerability in devices
The ways in which these cyber security functions will be implemented differs depending on the device at hand. Things like intended use, overall vulnerability concerns and risks to the patient are unique qualifiers that will significantly alter the approaches to cybersecurity technology in each device, explained Forbes.
Of course, there are some flaws with the new FDA guidelines. For starters, the standards do not make new devices completely secure from potential hacking. This comes as no surprise since threat-proof medical devices are non-existent, according to the source. The major flaw stems from devices created before the guidelines were released.
There is no guidance on how to approach devices without security built into their systems. The software for older hardware has no option for updates even if discrepancies are uncovered. Forbes noted that while this is an unfortunate oversight, there is not much to be done about older devices that are still in use.
One of the best ways to safeguard your business against any cyber threats, new or old, is to get educated on the intricacies of cybersecurity. Here at The National Cybersecurity Institute we offer a wide variety of training courses intended to expand individual knowledge on cyber threats within specific industries.