May 15, 2018

The FDA turns its focus to medical device cybersecurity

As technology advances, global healthcare services are becoming increasingly digitised and connected to the internet, which allows for superior integration between services, devices, caregivers, and patients. This connectivity enhances the portability of patient data and enables new avenues of patient-centric care, but also opens up the potential for data theft and malicious device tampering.

By GlobalData Healthcare

On April 17, Abbott Laboratories recalled certain implantable cardioverter defibrillators (ICDs) and cardiac resynchronisation therapy defibrillators (CRT-Ds) in order to issue a corrective firmware patch that eliminates several security flaws, including the life-threatening ability for third parties to access compromised devices and rapidly deplete their batteries or alter their functional outputs. The FDA approved this recall and claims that there are no known reports of patients being harmed due to these cybersecurity flaws (FDA, 2018b).

Medical device vulnerabilities extend well beyond wireless devices. Recently, a research group identified computed tomography (CT) scanners as a primary point of vulnerability in hospitals, and demonstrated that the devices’ operations could be maliciously altered (Mahler et al., 2017). The report authors show that the CT device exploit could lead to radiation overdose or data manipulation.

As is the case with CT scanners, many devices are connected to a computer, or have a computer embedded within them, which opens up a host of vulnerabilities if their operating systems are not up to date. These operating system exploits can be particularly disruptive, as was seen in the 2017 WannaCry ransomware cyberattack.

This attack spread globally and had a profoundly negative impact on National Health Service (NHS) hospitals in the UK, some of which were forced to divert patients. Following WannaCry, NHS Digital assessed 200 trusts and found that all of them were still vulnerable to further attacks, indicating an urgent need for regulatory bodies to fully address the issue of cybersecurity (House of Commons Committee of Public Accounts, 2018).

The FDA recently released a press statement that outlined the agency’s commitment to enhancing medical device safety. In this statement, the FDA emphasised both the importance of managing the total life cycle of devices and the pressing need to create robust resources to defend against cyberattacks (FDA, 2018a). As devices continue to become more complex, integrated, and connected, it is vital that they are secured against cyberattacks across their entire life cycle to ensure that they remain safe for use.

For more insight and data, visit the GlobalData Report Store – Verdict Medical Devices is part of GlobalData Plc.
