Even with the cautionary measures implemented by manufacturers and regulatory agencies, there is still a potential for connected medical devices to be maliciously altered remotely via hacking. “There is no such thing as a threat-proof medical device,” said Suzanne Schwartz, MD. MBA, director of emergency preparedness/operations and medical countermeasures at the FDA’s Center for Devices and Radiological Health. “It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks.”7 Clinicians should be aware of the security risks associated with connected medical devices and take all proper precautions to prevent or limit security breaches. Patients using these devices should also be aware of any unusual activity from the devices that may indicate that the security has been compromised.

References

  1. Robertson, J. McAfee hacker says Medtronic insulin pumps vulnerable to attack. Bloomberg Business. http://www.bloomberg.com/news/articles/2012-02-29/mcafee-hacker-says-medtronic-insulin-pumps-vulnerable-to-attack. Published February 29, 2012. Accessed March 31, 2015.
  2. United States Government Accountability Office. Medical devices: FDA should expand its consideration of information security for certain types of devices. http://gao.gov/assets/650/647767.pdf. Published August 2012. Accessed March 31, 2015.
  3. Medtronic Statement on Medical Device Security. http://newsroom.medtronic.com/phoenix.zhtml?c=251324&p=irol-newsArticle&ID=1866063. Published October October 19, 2013. Accessed March 31, 2015.
  4. Zetter, K. It’s insanely easy to hack hospital equipment. Wired. http://www.wired.com/2014/04/hospital-equipment-vulnerable/. Published April 25, 2014. Accessed March 31, 2015.
  5. U.S. Department of Health and Human Services, Food and Drug Administration, Center for Devices and Radiological Health, Office of Device Evaluation, Office of In Vitro Diagnostics and Radiological Health, and Center for Biologics Evaluation and Research. Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, Guidance for Industry and Food and Drug Administration Staff. http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm356190.pdf. Published October 2, 2014. Accessed March 31, 2015.
  6. U.S. Department of Health and Human Services, Food and Drug Administration, and Center for Devices and Radiological Health. General Wellness: Policy for Low Risk Devices, Draft Guidance for Industry and Food and Drug Administration Staff draft guidance. http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm429674.pdf. Published January 20, 2015. Accessed March 31, 2015.
  7. Food and Drug Administration. The FDA takes steps to strengthen cybersecurity of medical devices. http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm416809.htm. Published October 1, 2014. Accessed March 31, 2015.