Helpful Hacking: What Medical Device Companies Need to Know
As connected medical devices become more commonplace, device manufacturers should prepare for helpful hacking and consider how to address potential recalls that may arise.
May 17, 2016
As connected medical devices become more commonplace, device manufacturers should prepare for helpful hacking and consider how to address potential recalls that may arise.
Kevin Pollack
It's difficult to argue against the benefits of the Internet of Things (IoT) in the world of medical devices. Connected medical devices can improve patient care, better manage chronic diseases, and lower overall healthcare costs. The industry is growing so much it even has its own acronym: IoT MD.
However, as with any burgeoning industry, there are risks. Connected medical devices are vulnerable to the same sort of coding bugs that end up in other software. A hacker who makes his or her way into a pacemaker or insulin pump could potentially do a lot more damage than one who hacks into a smartphone or laptop.
Last year, students at the University of Alabama were able to hack into a robot that simulates human functions, disabling its pacemaker. This example clearly demonstrates the potentially deadly consequences of such vulnerabilities.
With this in mind, FDA wants medical device manufacturers to allow independent security researchers to hunt for potentially life-threatening vulnerabilities. FDA believes the lessons learned from these "helpful hackers" will improve the safety and efficacy of connected healthcare devices.
On the face of it, this seems like a good idea. Not long ago, traditional software and computer companies were reluctant to work with independent security researchers. They were concerned helpful hacking would open them up to security breaches. That has changed, and so might the feelings of medical device manufacturers.
In the meantime, manufacturers must examine the security implications of new advancements and consider what they mean for their recall management capabilities. It only makes sense that the likelihood and complexity of recalls will rise. As products become more complex, the potential for recalls increases--simply because there are more features that can go wrong.
Once a recall occurs, executing the event and disposing of affected product is also more complicated, as technologically advanced products often include potentially hazardous materials that are subject to additional regulations. At the same time, new tools and regulations are being developed that will protect consumers and products from these sorts of threats. Safeguarding consumers--especially those who are the most vulnerable--should be at the forefront of manufacturers' agendas as their products become progressively more plugged-in.
With the spotlight now shining on medical devices manufacturers, here are just a few steps manufacturers should take to be prepared for the possibility of a recall:
1.Prepare a recall plan, equipped with a dedicated recall team--A solid recall plan helps manufacturers quickly locate the device and remove it from the marketplace. With every recall, there are four goals: protect the public, protect the brand, protect the environment, and close the recall as soon as possible. For the plan to be most effective, it must clearly define roles for all members of the company, especially for the management team. During a recall, this will ensure everyone knows their responsibilities and can act in a timely manner.
2.Test your plan--When a recall happens, things move fast. By conducting "mock recalls," manufacturers can see firsthand any gaps or flaws in the plan and make necessary changes. Conducting a mock recall could be the difference between a successful recall or one that lingers on, adding additional cost and unnecessary brand damage.
3.Know your partners, suppliers, and vendors--In today's global economy, it is critical manufacturers maintain comprehensive records of their entire supply chain. This practice will help expedite recall resolution should an issue occur. Furthermore, it's imperative all stakeholders are ready for a recall. Transparency is key. Manufacturers need to establish trust in their global supply chain.
4.Navigate global regulations--As the medical device market has gone global, managing a recall has become much more complex. Manufacturers should be familiar with the regulatory variances within all active markets. One option to deal with the many nuances during an international recall is to work with a third-party consultant. An expert consultant can help adapt a recall plan to each international market and streamline the process even before a crisis strikes.
5.Be open, honest, and fast--It is critical that all affected parties--patients, regulators, and distributors--are informed of the recall and updated as it evolves. Companies should also respond quickly and effectively to inquires from consumers and media. Questions can come from many avenues, including the web, call centers, and emails. It is important that all responses are consistent across each outlet.
As the IoT MD evolves, so will its associated challenges and risks. By preparing to tackle potential problems quickly and effectively, medical device manufacturers can ensure they are known for their innovations--and not for any issues that come with them.
Kevin Pollack is vice president at Stericycle ExpertSOLUTIONS. Reach him at [email protected]
[Image courtesy of STUART MILES/FREEDIGITALPHOTOS.NET]
You May Also Like