Cyber criminals are not just looking out for your bank and credit card details alone. In fact, there are good chances that your medical devices might get hacked as well. Hacking of medical devices is no longer just a chapter of some popular sci-fi novel; rather it has emerged as a growing concern for all the stakeholders in the healthcare industry. The situation has turned critical with the recent Wannacry ransomware affecting the British healthcare services.
The Internet of Medical Devices
The evolution of wireless technology has hugely influenced medical technology as well. No doubt mHealth and networked medical devices have transformed the delivery of medical services, however it has also exposed the entire medical system to cyber attacks as well. Apart from issues related to a patient’s safety, hacked medical devices can be used for identity theft, tax frauds, as well as buying medications which can be later sold on the dark web.
Complex software and network capabilities have transformed medical equipment into sophisticated devices. The need of the hour is to build a strong and secure network which will protect the equipment from hacking and other cyber malpractices.
Medical device security: A shared responsibility of every stakeholder
The onus of medical device cyber security falls on every stakeholder within the industry. Right from device manufacturers, healthcare providers, regulators, to the patients – each and every one of them need to take essential steps to avoid cyber attacks.
For instance, device manufacturers should work towards:
- Platform and server hardening
- Foolproof inscription and code-signing
- Protecting manufacturing integrity
Providers of healthcare services, on the other hand, have to work towards holistic asset management, risk mitigation, and detection of anomalies in their network.
Cyber proofing medical devices: The only way ahead
Apart from issuing several alerts, the Food and Drug Administration (FDA) has released an industry guidance document titled Postmarket Management of Cybersecurity in Medical Devices. This guide enables the manufacturers to identify issues during the design and development of the devices. Similarly, regulations like HIPAA and the ISO/IEC 80001 series of standards provide frameworks which need to be compiled by medical device manufacturers.
Lastly, it is important that serious thought is given to the lifecycle of medical equipment and the entire procurement process of these devices. Transparent procurement along with diligent contract and lifecycle management is sure to enhance the security standards of the medical devices.