As technology advances, global healthcare services are becoming increasingly digitised and connected to the internet, which allows for superior integration between services, devices, caregivers, and patients. This connectivity enhances the portability of patient data and enables new avenues of patient-centric care, but also opens up the potential for data theft and malicious device tampering.

On April 17, Abbott Laboratories recalled certain implantable cardioverter defibrillators (ICDs) and cardiac resynchronisation therapy defibrillators (CRT-Ds) in order to issue a corrective firmware patch that eliminates several security flaws, including the life-threatening ability for third parties to access compromised devices and rapidly deplete their batteries or alter their functional outputs. The FDA approved this recall and claims that there are no known reports of patients being harmed due to these cybersecurity flaws (FDA, 2018b).

Medical device vulnerabilities extend well beyond wireless devices. Recently, a research group identified computed tomography (CT) scanners as a primary point of vulnerability in hospitals, and demonstrated that the devices’ operations could be maliciously altered (Mahler et al., 2017). The report authors show that the CT device exploit could lead to radiation overdose or data manipulation.

As is the case with CT scanners, many devices are connected to a computer, or have a computer embedded within them, which opens up a host of vulnerabilities if their operating systems are not up to date. These operating system exploits can be particularly disruptive, as was seen in the 2017 WannaCry ransomware cyberattack.

This attack spread globally and had a profoundly negative impact on National Health Service (NHS) hospitals in the UK, some of which were forced to divert patients. Following WannaCry, NHS Digital assessed 200 trusts and found that all of them were still vulnerable to further attacks, indicating an urgent need for regulatory bodies to fully address the issue of cybersecurity (House of Commons Committee of Public Accounts, 2018).

The FDA recently released a press statement that outlined the agency’s commitment to enhancing medical device safety. In this statement, the FDA emphasised both the importance of managing the total life cycle of devices and the pressing need to create robust resources to defend against cyberattacks (FDA, 2018a). As devices continue to become more complex, integrated, and connected, it is vital that they are secured from cyberattacks across their entire lifecycle to ensure that they remain safe for use.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

For more insight and data, visit the GlobalData Report Store – Verdict Medical Devices is part of GlobalData Plc.