As hospitals in the UK and Indonesia grappled with the Ransomware attack, the susceptibility of medical devices to cyber attacks again made news across the globe. One of the most conservative verticals of the life sciences industry, the manufacturers of medical devices are gradually adopting technology to provide a better diagnosis of health conditions. No doubt digitization has transformed the overall performance of the medical devices, but at the same time, it has exposed the industry to events like hacking, malware, and cyber attacks as well.
Hacking of medical devices – What is at stake?
Most medical devices have electronic records of the patient’s medical history, the medicines prescribed, as well as information on allergies and other vital facts. Any compromise on this data will not only attract huge financial loss for the hospitals but will also cost the very lives of the patients. Medical devices like insulin pumps and pacemakers have higher exposure to hacking and malware attack. The wireless technology employed in these devices make them an easy target for the hackers.
Medical devices manufacturers – Bracing up to the challenge
With more than 100 million personal health records being compromised, the Food and Drug Administration (FDA) has rolled out a set of guidelines for the device manufacturers as well as healthcare facilities.
As a medical device manufacturer, the FDA recommends that:
- The medical device inventory, change management systems, and other networked servers and workstations are monitored closely
- All the devices which are running on unpatched version of Windows should be upgraded to the relevant security patched version of the Windows
- Conducting vulnerability scans on a regular basis. Though not a foolproof procedure, vulnerability scans do help in identifying devices which are liable to malware attack
- Involving the third-party managers and medical device vendors in the risk management process
- Prioritizing patches for medical devices and involving the IT department to update the affected medical devices
Lastly, the FDA also wants medical device manufacturers to build response mechanism to handle incidents of cyber attack and see to it that the other devices and medical facilities do not get infected.