On 9 January, St. Jude Medical announced the release of a cyber security update to its Merlin remote monitoring system. The same day, the FDA issued a safety notice regarding the Merlin @home Transmitter, alerting affected physicians and patients to the relevant software update and potential for security breach. These interventions arose after MedSec, a security firm, exposed vulnerabilities in the monitoring system used by patients with implanted pacemakers or defibrillators.

Similar to St. Jude, medical device giant Johnson & Johnson issued a warning in October 2016 to users of the company’s Animas One Touch Ping insulin pump of a possible security hole. Despite these warnings and the potential for security gaps, companies are not slowing down their development of mobile phone app and cloud-based devices. On 9 January, the same day both St. Jude and the FDA recognized flaws in the Merlin system, orthopedic device manufacturer Orthofix announced FDA and EU CE Mark approval for the next iteration of its CervicalStim and SpinalStim bone growth stimulators. Along with these updated devices, Orthofix revealed its novel mobile phone application, Stim onTrack, created to communicate real-time patient data to physicians as well as alert patients to treatments.

Cybersecurity is an evolving frontier in the medical device market that manufacturers, physicians, and patients alike are attempting to navigate. The global population is becoming increasingly connected, and emerging technologies often exist solely in an app-based format to achieve speedy adoption. The incorporation of real-time data and cloud-based innovations into medical devices certainly presents a number of benefits. For example, physicians will be able to more easily monitor patient compliance to a treatment regime without the need for frequent office visits. This will be particularly useful in rural and developing nations, where access to healthcare is severely limited and follow-up visits are not often possible.

Increased connectivity also leads to increased vulnerability, as illustrated by the St. Jude Medical and Johnson & Johnson devices. Regulations exist for the privacy of patient health information, and devices must meet certain safety requirements in order to receive market approval. However, current FDA and CE Mark regulations are incredibly vague on the issue of cybersecurity in innovative devices. These regulatory bodies only offer guidance and recommendations, essentially depending on the manufacturer to ensure that devices are secure and continually monitored for necessary updates. As the medical device market progresses into an era of cloud-based connectivity, manufacturers and regulatory bodies will need to devote increased attention to cybersecurity risks to ensure patient safety and privacy are maintained.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.