People who use various medical devices, such as pacemakers, insulin pumps and MRI systems, already have enough to be concerned with just in terms of dealing with their medical conditions. But on top of that, now they also need to deal with the issue of cybersecurity vulnerabilities that affect these devices and that have been admitted by the FDA.
FDA acknowledges that medical devices are at risk
Not just the computer systems of large corporations, governments and financial organizations are vulnerable to cybersecurity threats. The FDA is now admitting that medical devices, and in turn the patients who use them, could be victims of hacking. “Cybersecurity threats are real, ever-present and continuously changing,” admitted Suzanne Schwartz, a senior Food and Drug Administration official. “And as hackers become more sophisticated, these cybersecurity risks will evolve.” Unlike hacks that involve other computers and are mere inconveniences in the big picture, threats that involve medical devices are potentially life-threatening, such as in the case of certain heart devices. This is certainly not what any patient who uses a device like this or their loved ones wants to hear.
How the FDA has attempted to address the risks
In light of these security risks, it is clear that the FDA needs to develop rules and policies that will help to identify these vulnerabilities and then address them, with the goal of reducing the threats to these devices that many patients rely on. The FDA has taken some actions in recent years to try to do that:
- It published a 30-day document providing guidance on cybersecurity issues.
- In 2014, it published a document explaining how medical device manufacturers need to deal with cybersecurity threats when they are developing various new products. This did not address products that were already being sold at the time the document was published.
- In 2015, it told hospitals to stop using a particular infusion pump made by Hospira Inc. because a security risk could open the door for hackers to control the device from a distance
The FDA will need to stay on top of this issue and do as much as possible, because there has been mounting evidence in recent years that these threats and bugs in medical devices are real. In addition, the issues of cybersecurity risks and hacking seem to worsen over time.
What manufacturers need to do
Manufacturers of medical devices that could potentially be affected by cybersecurity threats should be extremely vigilant as well. They need to determine which products that are already on the market are at risk for threats and then determine a way to remedy the situation. If threats are severe enough to require such severe action, they need to remove products from the market that have risks so severe that they cannot be remedied. They also need to develop new products with cybersecurity threats at the forefront of their minds by designing products to be more insulated from cybersecurity threats. With all their products, they need to have ways for security experts to quickly and efficiently report potential cybersecurity threats. Finally, they need to openly communicate with medical organizations, patients and the FDA regarding any information about cybersecurity threats.
Technology can lead to many medical advances but often also brings down sides such as cybersecurity threats. Patients who use medical devices that could be affected by cybersecurity threats should stay well informed and educated about what to do. Find out if the devices you use are vulnerable to cybersecurity threats. Discuss the issue of cybersecurity threats with the doctor who prescribed the device, and ask them for advice.