The FDA Wants Cooperation on Medical Cybersecurity

Seth Carmody, cybersecurity project manager at the FDA, has told a conference of delegates from the medical device industry that the FDA wants a team effort when it comes to countering “adversaries” who breach the cybersecurity of medical devices and data.



Responding to the Risk of Cyber-Crime

He spoke about the importance of cooperation between parties when dealing with cyber-crime and responded to user queries regarding glitches and vulnerabilities in medical devices. He urged healthcare executives and managers to take all complaints from patients seriously, even if the device is outdated or manufactured by a different firm.

Carmody recommends that companies undertake a full risk assessment in response to any cybersecurity complaints or concerns from patients. If the risk of security breaches is deemed to be serious, companies then need to issue a “coordinated disclosure” about their product’s weaknesses and any remedies that could apply.

Such is the growing concern about cyber-safety that some now believe devices should be thoroughly screened for vulnerabilities during the clinical trial period. Of course, this will place extra burdens on the clinical trials industry in terms of paperwork and staffing levels. Clinical solutions provider can advise on recruitment of contract research organization personnel.

Action on Cyber-Crime

In January, the FDA issued guidelines on how medical device manufacturers could integrate security systems into their processes and procedures in order to further protect their devices from the threat of malicious hackers. See for more information.

Theoretically, it would be possible for someone with malicious intent to hack into medical equipment that is linked to the internet and cause harm to patients. For example, a wirelessly enabled insulin pump could be tampered with and the wrong dose administered. The same risk applies to any dosing device that is linked to the web. None of these things has happened yet, but the consequences of such a breach of security could be disastrous for patients and hospitals.

However, in February 2016, hackers did take a California hospital’s computer system hostage, demanding a ransom to restore normal networks. The hospital had to pay $17,000 in Bitcoins to the criminals in order to obtain the malware key. Incidents such as these have prompted greater concerns about patient safety and cybersecurity.