Receive our newsletter – data, insights and analysis delivered to you
  1. Comment
May 21, 2017

Cyber Security to Safeguard Healthcare Information: A Prerequisite for Medical Devices

Cyber security involves safeguarding the integration of medical devices, networking, software, and operating systems from attack, damage or unauthorised access.

By GlobalData Healthcare

Cyber security involves safeguarding the integration of medical devices, networking, software, and operating systems from attack, damage or unauthorised access.

Advancements made in networked technologies have raised the bar for the need to address unintended safety, privacy, and cyber security issues. The FDA regulates the cyber security of software so that medical devices can be marketed to assure benefits to patients and outweigh risks.

In 2011, the FDA issued the Medical Device Data System (MDDS) rule, which includes software and electronic or electrical hardware (including wireless) used for medical purposes. This applies to devices from class III (high risk) to class I (low risk) and also to systems that act as a mechanism to transfer, store, convert, or display medical device data without controlling or modifying the function or parameters of a connected medical device such as software that stores blood pressure information of a patient to review at later time. However, in 2015, the FDA republished MDDS rules stating that low-risk devices such as medical image storage devices need not comply with the rule as they pose low risk to cyber security threats.

Networked technology in medical devices offers many benefits such as increasing patient mobility by eliminating wires that tether a patient to a medical bed; providing health care professionals the ability to remotely programme devices and providing the ability to physicians to access and monitor patient data regardless of their location.

GLWACH's eICU pilot program. Source: General Leonard Wood Army Community Hospital

Bitglass’ Healthcare Breach report states that 40% of 2016 healthcare data breaches included non-privileged access to protected health information. With more software-driven diagnostic, monitoring, and treatment systems becoming wearable and implantable, the risks of potential cyber security threats is also amplified exponentially, exposing them more to be exploited by hackers.

Content from our partners
Precision wire: The future of bespoke medical treatment
Why this global life sciences COO believes relocation to Charleston, SC, was key to achieving next-level success
“This technique means everything to us”: How CGM devices empower users 

To limit cyber security risks to medical devices, it is essential that manufacturers implement comprehensive cyber security risk management programmes and documentation consistent with quality system regulation (QSR), including complaint handling, quality audit, corrective and preventive action, software validation, risk analysis, and servicing.

Initiatives should be encouraged to enhance education and awareness among stakeholders, such as clinical engineers and physicians, for developing policies and processes that address robust security requirement for networked medical devices. The industry should also engage with the security community or third-party specialists to access network intrusion and provide solutions to foreseen cyber threats.

The future of technology lies in its ability to improve the quality and relevance for patient care. Health care organisations need to balance protecting patient safety and promoting the development of innovative technologies with improved device performance so as to safeguard the protected health information and safety of patients under their care.

Related Companies

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. The top stories of the day delivered to you every weekday. A weekly roundup of the latest news and analysis, sent every Friday. The medical device industry's most comprehensive news and information delivered every month.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy