Menu Close

Medical Device Connectivity Creates Vulnerabilities

Posted in Electronic Health Records, FDA, Legislation and Public Policy, Life Sciences, Medical Devices, Pharmaceuticals, Privacy and Data Protection

Networked device innovations have transformed healthcare by empowering patients and providers to more closely monitor health, enhancing quality of life and improving clinical outcomes. However, the interconnectivity that drives these benefits also creates significant vulnerabilities and security gaps which, if exploited, could compromise sensitive private health information or even patient safety.

Headlines regarding threats to cybersecurity in the healthcare sector are appearing with increasing frequency. On October 17, St. Jude Medical announced plans to assemble a cybersecurity advisory board to provide input on how to make its connected medical devices more secure. This announcement follows recent accusations that a number of St. Jude’s heart devices pose serious security risks from cyber attacks. Although St. Jude denied those specific accusations, in assembling the advisory board, the company has acknowledged the reality that cybersecurity threats cannot be completely eliminated, only managed.

Earlier this month, device maker Johnson & Johnson mailed letters directly to patients warning of a security bug in one of its insulin pumps that could allow unauthorized access. Although Johnson & Johnson indicated a low probability that this vulnerability would be exploited, the company instructed users on a proactive approach for reducing the risk.

The U.S. Food and Drug Administration has encouraged medical device manufacturers to monitor and address cybersecurity risks as part of the postmarket management of products. In draft guidance published in January 2016, the FDA indicated that actions taken to address cybersecurity threats will be considered routine updates and patches which will not require advance notification or reporting to the agency.

Connectivity inevitably creates security vulnerabilities, making it challenging to completely secure medical devices. Therefore, stakeholders including patients, providers and manufacturers must continue to collaborate to manage the risk and minimize the potential for data breaches and patient harm.

Leave a Reply

Your email address will not be published. Required fields are marked *