As more and more connected devices hit the market, device makers, hospitals, and consumers alike are overlooking one important fact: Any device connected to a network is vulnerable to attack. And when you're talking about medical technology, cybersecurity literally becomes a matter of life and death.
Device makers should by now be well aware of Jay Radcliffe's 2010 hack of an insulin pump, in which he triggered it to remotely release lethal doses of insulin. But more recent events like the widespread HeartBleed bug, one of the biggest threats ever to Internet security, should be a wake up call. Online data is vulnerable, and medical data is some of the most valuable data of all.
Even if the Radcliffe scenario seems far-fetched, think of how much personal and sensitive patient information is stored in electronic health records and connected medical devices.
FDA has issued a draft guidance calling for device makers to be more cognizant of cybersecurity issues and to conduct more security testing before devices hit the market. A report release in April by SANS-Norse called the overall state of cybersecurity ôalarmingö and said that current legislations such as HIPPA and the HITECH Act are insufficient in terms of informing healthcare organizations on how to secure themselves.
Medtech is lagging behind other industries in its cybersecurity efforts, and the industry as a whole seems to be deemphasizing privacy and security issues. It won't be long until every device is connected in some way and the only way to ensure a device is truly safe and effective is to make sure it is also truly secure.
|No. 11||No. 9|
|Meet more agents of change in medtech at the MD&M East tradeshow and conference in New York City June 9–12, 2014.|
[image courtesy of CHANPIPAT/FREEDIGITALPHOTOS.NET]