Cyber security involves safeguarding the integration of medical devices, networking, software, and operating systems from attack, damage or unauthorised access.

Advancements made in networked technologies have raised the bar for the need to address unintended safety, privacy, and cyber security issues. The FDA regulates the cyber security of software so that medical devices can be marketed to assure benefits to patients and outweigh risks.

In 2011, the FDA issued the Medical Device Data System (MDDS) rule, which includes software and electronic or electrical hardware (including wireless) used for medical purposes. This applies to devices from class III (high risk) to class I (low risk) and also to systems that act as a mechanism to transfer, store, convert, or display medical device data without controlling or modifying the function or parameters of a connected medical device such as software that stores blood pressure information of a patient to review at later time. However, in 2015, the FDA republished MDDS rules stating that low-risk devices such as medical image storage devices need not comply with the rule as they pose low risk to cyber security threats.

Networked technology in medical devices offers many benefits such as increasing patient mobility by eliminating wires that tether a patient to a medical bed; providing health care professionals the ability to remotely programme devices and providing the ability to physicians to access and monitor patient data regardless of their location.

GLWACH's eICU pilot program. Source: General Leonard Wood Army Community Hospital

Bitglass’ Healthcare Breach report states that 40% of 2016 healthcare data breaches included non-privileged access to protected health information. With more software-driven diagnostic, monitoring, and treatment systems becoming wearable and implantable, the risks of potential cyber security threats is also amplified exponentially, exposing them more to be exploited by hackers.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

To limit cyber security risks to medical devices, it is essential that manufacturers implement comprehensive cyber security risk management programmes and documentation consistent with quality system regulation (QSR), including complaint handling, quality audit, corrective and preventive action, software validation, risk analysis, and servicing.

Initiatives should be encouraged to enhance education and awareness among stakeholders, such as clinical engineers and physicians, for developing policies and processes that address robust security requirement for networked medical devices. The industry should also engage with the security community or third-party specialists to access network intrusion and provide solutions to foreseen cyber threats.

The future of technology lies in its ability to improve the quality and relevance for patient care. Health care organisations need to balance protecting patient safety and promoting the development of innovative technologies with improved device performance so as to safeguard the protected health information and safety of patients under their care.