It’s Impossible to Eliminate Cybersecurity Threat

Five hundred billion. That’s the estimated number of times a patient will be exposed to a connected medical device over the next 10 years. Yet we as an industry don’t know anything about those exposures, said Dale Nordenberg, M.D., co-founder, executive director of Medical Device Innovation, Safety & Security Consortium. “Our digital health structure is a new utility that we haven’t matured like electric & water,” he explained. “We want to safeguard this innovation.”

Key stakeholders in medical device cybersecurity gathered during a recent MedTech Intelligence conference on the topic to discuss that exact point—ensuring innovation continues while securing devices and protecting against the constant and evolving threats.

“For all the best efforts that industry and all stakeholders can take, the ability to entirely eliminate the possibility of a hack or exploit occurring just doesn’t exist,” said Suzanne Schwartz, M.D., associate director for science and strategic partnerships at CDRH. “We have to understand that these are not entirely preventable.”

Cybersecurity isn’t just about patient privacy—it’s also about the security of a medical device, said Laura Elan, North American service leader for UL, LLC’s regulatory solutions and eHealth business. “There’s no such thing as a product that isn’t hackable.”

Biggest Threats in Cybersecurity

According to the FBI, some of the biggest threats the agency is seeing in the cybersecurity arena are:

Plan for an Attack

Once an incidence occurs, the FBI gets involved. However, companies will be better positioned to deal with an incident if they follow three general recommendations, advises Kiran Raj, former deputy general counsel for the Department of Homeland Security:

Companies can sign up to receive FBI alerts by emailing Cywatch@ic.fbi.gov alerts. This resource will keep companies updated on breaking news and other FBI updates in cybersecurity. The agency also encourages device companies to have a relationship with their local/regional FBI office. When an incident does occur, a compliant should be filed with IC3 (the FBI’s Internet Crime Complaint Center). This Center allows FBI to keep track of patterns and trends related to complaints as well.

Related Articles

About The Author

Exit mobile version