Implanted medical device hacks are so memorable because theyre so personal. You wouldnt want something inside your body or on your skin to be remote-controlled by a criminal. Unfortunately, many types of these devices are broadly vulnerable to attack.
The above comes from a terrific article Wired magazine wrote on the need for enhanced security in the medical device industry. Its becoming abundantly clear health care providers and medical device developers have to work together. In collaboration, both must perform risk assessments to identify and mitigate the very real and mounting risks associated with connected medical devices and systems.
A comprehensive risk management program, in place within both health care and device developer organizations, would go a long way to ensuring security and privacy of valuable patient data, not to mention patients themselves. Stolen medical records are getting top dollar on the dark web, where the Internets black market operates. And some of the malicious individuals seeking to get inside these devices arent after data; they could be out to harm your patient.
In honor of this years Data Privacy Day, we created an infographic to demonstrate how far and wide health data can spread. Our goal was to raise awareness of the risks associated with unsecured medical devices and systems. We wanted to shine a light on what are just a few of risks associated with a growing field of connected devices in the medical arena. The infographic provides a visual depiction of just how easily and quickly that data can leave facilities and be shared with an unlimited number of others.
Another resource health care organizations may consider is the FDAs guidance for managing cybersecurity vulnerabilities within medical devices.
These risks are just a couple of the motivations behind the development of SIMBUS360.com and its automated risk assessment tool. The solution can be used by any size of organization, which is key. Too many organizations tend to believe they cant afford such assessments. That is no longer true.
Its our hope more medical device engineers will take cybersecurity and privacy risks seriously and design mitigating controls into their devices. This, in turn, will allow more health care providers to confidently prescribe the use of what are no-doubt excellent innovations in health.
We would love to hear your thoughts, especially if you are a medical device engineer. What are the challenges you face as you look to prioritize security controls? How can the health care provider community help advance your mission to get to market quickly while also maintaining patient health, security and privacy?