Medical Device Security in Manufacturing
The global medical device market is growing, as Southeast Asia and China increase their orders for more of the health care instruments. Many if not most of those devices connect patients and their health care teams through the Internet and the cloud, which increases the number of opportunities for hackers and other cyber criminals to invade those private communications. Consequently, in its 2016 report, “Postmarket Management of Cyber security in Medical Devices,” America’s Food and Drug Administration (FDA) encouraged device manufacturers to consider the cyber security concerns throughout the device development lifecycle, including the design, production, distribution and deployment phases.
As a device manufacturer and one of many stakeholders in the med device industry, your company plays a critical role in making and keeping health care devices safe both for use and against breaches.
Most of the existing vulnerabilities found in medical devices are inadvertent; neither the designer nor the manufacturer contemplated the potential for digital interference when creating a solution for a particular medical condition.
However, in recent years, government agencies have raised concerns about the opportunity for cyber thieves to interfere with devices’ functions and related health care systems because of insufficient or non-existent security protections.
- In 2014, the Department of Homeland Security (DHS) investigated more than 20 cases of compromised medical equipment, including imaging devices and hospital networking systems.
- In 2015, the Federal Bureau of Investigation (FBI) warned that the growing “Internet of Things” (IoT) was rife with security threats, including a myriad of medical devices, as well as innocuous digital tools such as fitness bracelets. Lack of security programming was only one problem; failed patches and consumers’ lack of awareness of the security threats add to the list of concerns raised by the increase of digital and Internet programming in health care and other wired implements.
Encouraging security through better design
The FDA report encouraged improved collaboration among all medical device stakeholders, including users, providers, IT professionals, and manufacturers, since all are affected by risk and liability exposures. The agency encouraged all players in the industry to leverage their combined resources to assess risks and develop solutions that will make prescribing and using the devices safe for both patients and their health care teams.
The FDA’s guidance doesn’t fill in for regulation
As encouraging as the FDA’s report is, it is not a substitute for formal regulations, which are still not as precise about medical device security as they could be. Your collaborations within the system may not encompass the threats that arise outside the industry, including everything from emerging ransomware attacks to “denial of service” notices. And, unless every other stakeholder takes on the obligation to increase their awareness of device security challenges, the end device product will only be as secure as the least invested system player makes it, which may leave your organization open to potential risks.
Adopt a medical device security culture
In the absence of true rules issued by an enforcement agency like the FDA, your enterprise would be wise to seek out as much information as possible from digital security sources, with an accompanying focus on enhancing the quality of the digital security features on every device you produce. Industry experts suggest including the first security discussions in the design concept phase before starting any other product development stage. Incorporating as many stakeholders as possible in those conversations will benefit all participants since each will have a specific perspective on how the security features will work.
The market for medical devices will continue to grow for the foreseeable future. Manufacturers who purposefully engineer their products with consumer and system security in mind will certainly maintain their share of that growing sector.