Networked device innovations have transformed healthcare by
empowering patients and providers to more closely monitor health,
enhancing quality of life and improving clinical outcomes. However,
the interconnectivity that drives these benefits also creates
significant vulnerabilities and security gaps which, if exploited,
could compromise sensitive private health information or even
patient safety.
Headlines regarding threats to cybersecurity in the healthcare
sector are appearing with increasing frequency. On October 17, St.
Jude Medical announced plans to assemble a cybersecurity advisory
board to provide input on how to make its connected medical devices
more secure. This announcement follows recent accusations that a
number of St. Jude's heart devices pose serious security risks
from cyber attacks. Although St. Jude denied those specific
accusations, in assembling the advisory board, the
company has acknowledged the reality that cybersecurity
threats cannot be completely eliminated, only managed.
Earlier this month, device maker Johnson & Johnson mailed
letters directly to patients warning of a security bug in one of
its insulin pumps that could allow unauthorized access. Although
Johnson & Johnson indicated a low probability that this
vulnerability would be exploited, the company instructed users on a
proactive approach for reducing the risk.
The U.S. Food and Drug Administration has encouraged medical device
manufacturers to monitor and address cybersecurity risks as part of
the postmarket management of products. In draft guidance published
in January 2016, the FDA indicated that actions taken to address
cybersecurity threats will be considered routine updates and
patches which will not require advance notification or reporting to
the agency.
Connectivity inevitably creates security vulnerabilities, making it
challenging to completely secure medical devices. Therefore,
stakeholders including patients, providers and manufacturers must
continue to collaborate to manage the risk and minimize the
potential for data breaches and patient harm.
For more articles and regular updates on legislative changes, regulatory developments and other news of interest to businesses, professionals and investors in the healthcare industry, please subscribe to Day Pitney's mailing lists.
Click here for more Healthcare Blogs from Day Pitney
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.