The medical industry is preparing for an anticipated wave of cyber attacks. There have been millions of electronic health records illegally assessed in recent years, and some believe many instances have yet to be reported. This is a situation expected to increase in a number and intensity. The newest concern is the vulnerability of medical devices such as insulin pumps, pacemakers and others to an internet hack attack. The technical and legal issues associated with this are new and unique.
Life Threatening Vulnerabilities
Research has been conducted in the UK as well as Belgium concerning the signals going to implanted devices. Their studies showed the life threatening vulnerabilities of transmissions of certain signals to medical devices implanted inside people. In a facility in Virginia where a catheter lab was located, it was shut down for a period of time because a type of malware was discovered in its computer system that supported cardiac surgery. In another case, hackers gained access to a hospital’s IT network. A virus was able to be placed in the software on devices used for X-rays, communication devices as well as blood gas analyzers and more. The Food and Drug Administration (FDA) has ongoing research to identify what medical devices are the most vulnerable.
Cybersecurity and Cyber Attacks
The federal government is working to find a solution to this potentially catastrophic problem. This National Health Information Sharing and Analysis Center (NHISA) was given over $349,00 to provide education on how to handle these types of cyber attacks. These funds are also designated to develop a system for permitting vulnerable groups the ability to share information about system breaches as well as ransomware attacks and more.
Cyber analysts believe people are motivated to hack into hospitals as well as medical devices as a way to make money. It is possible their goal is to hack into hospital systems and exploit any type of vulnerability. This could be viewed as an effective way to get money from a hospital or a medical device company. They may also be willing to obtain payment from a third party for their information. Individuals who do this type of hacking may believe they are developing important information with significant monetary value.
When an individual hacks a person’s medical device, it could lead to illness, injury and possible death. This forces the legal system to design a way to determine who is liable for a person’s physical harm when this happens. According to the FDA, the security of medical devices is a shared responsibility. It involves medical device manufacturers, healthcare providers as well as facilities and patients. This is good news for medical device manufacturers. Security flaws within an unrelated device could cause a medical device to be vulnerable to a cyber hack. Industry experts anticipate within the next decade, cyber hacking will result in litigation.
According to FDA guidance concerning medical devices, it is the device manufacturer who has the obligation to determine the vulnerability of their device to cyber threats. They are required to take all measures necessary to minimize this threat. The guidance from the FDA could be used as the basis for showing that a device manufacturer has an increased duty to provide a secure device.
Most hospital technology experts understand how wearable devices and medical networks continue to be soft spots when it comes to cyber attacks. These organizations are dealing with constant new regulations and many other challenges with limited resources. Decreasing cyber threats to medical devices is a priority, but not a major priority.
Many executives in the medical industry believe the only way to prevent patient’s possible serious injury or death from a cyber attack is with penalties for noncompliance. This could cause many companies to focus more effort on eliminating the risk of a cyber attack or risk of a serious fine or more. Some outsiders also believe litigation could also motivate necessary changes within the healthcare industry.
Learn more about Medical Device News.