FDA Warns Against Hacking Medical Devices Like Artificial Pacemakers: New Cybersecurity Guidelines Set
The field of medicine continues to advance alongside technology. From tiny pacemakers to large surgical equipment, the medical industry has found newer, more convenient, and more innovative ways of taking care of patient needs.
However, the very same convenience that these advancements bring could be the very same thing that harms patients. The medical industry faces the threat of cyber crime.
Why Cybersecurity Is Crucial To The Medical Industry
The medical industry is not behind on technological advancements as more and more medical facilities have begun to use more technologically advanced equipment. Unfortunately, even the gadgets that hospitals and people rely on to keep track of their physical states are not exempted from being victimized by cybercrimes. From hacking hospital records to more direct damage infliction on patients, the medical industry grows concerned about the looming threat of cyber attacks.
In 2015, the FDA urged manufacturers of medical devices to ensure the security of their products. As these devices are usually connected to hospital servers via the internet, it puts patients at risk of being hacked, thereby releasing private information. In the same memo, the FDA required medical manufacturers to report any significant cyber-security threat especially if it could lead to serious health concerns or even death.
Possible Threats Cyber Crimes Pose
The persistent threat that the medical industry faces lies in the vulnerability of their equipment. A simple hack in a hospital's main network can compromise or leak all of their patient's personal data. It doesn't sound that threatening until cybercriminals hold the entire patient record by hostage, which is exactly what happened to a hospital in California earlier this year where the hospital had to pay $17,000 to the hackers just to gain access to their own records. Attacks such as these are rarely made public for obvious reasons. It would be hard to trust a medical facility that can't even protect their own records.
Another, and possibly more dangerous, way that cyber-security is relevant is when it comes to more personal hospital equipment. The possibility of hacking a drug-infusion pump and even implantable devices poses a serious, more direct and possibly even fatal threat to patients.
New FDA Guidelines: Cybersecurity For Medical Devices
With the constant threat of cyber-crimes on the plate, the FDA has recently released a new set of guidelines that could mitigate the probability of such devious acts. The statement was released on Dec. 27 by Suzanne B. Schwartz M.D., M.B.A. The message focused on the FDA's continuous efforts to ensure patient safety and security by working with medical manufacturers in ensuring the security of their devices. Recommendations included devising a way to detect any cyber-anomalies and employing prevention measures such as software patches.
Embracing the advancements that innovation contributes to the medical industry includes acknowledging both the strengths, limitations and even threats that come along with it. That being said, the FDA is continuous in their efforts to ensure the security and safety of both the patients and the medical industry.