ARTICLE
22 October 2016

Medical Device Connectivity Creates Vulnerabilities

DP
Day Pitney LLP

Contributor

Day Pitney LLP logo
Day Pitney LLP is a full-service law firm with more than 300 attorneys in Boston, Connecticut, Florida, New Jersey, New York and Washington, DC. The firm offers clients strong corporate and litigation practices, with experience on behalf of large national and international corporations as well as emerging and middle-market companies. With one of the largest individual clients practices on the East Coast, the firm also has extensive experience assisting individuals and their families, fiduciaries and tax-exempt entities plan for the future.
Networked device innovations have transformed healthcare by empowering patients and providers to more closely monitor health, enhancing quality of life and improving clinical outcomes.
United States Food, Drugs, Healthcare, Life Sciences

Networked device innovations have transformed healthcare by empowering patients and providers to more closely monitor health, enhancing quality of life and improving clinical outcomes. However, the interconnectivity that drives these benefits also creates significant vulnerabilities and security gaps which, if exploited, could compromise sensitive private health information or even patient safety.

Headlines regarding threats to cybersecurity in the healthcare sector are appearing with increasing frequency. On October 17, St. Jude Medical announced plans to assemble a cybersecurity advisory board to provide input on how to make its connected medical devices more secure. This announcement follows recent accusations that a number of St. Jude's heart devices pose serious security risks from cyber attacks. Although St. Jude denied those specific accusations, in assembling the advisory board, the company has acknowledged the reality that cybersecurity threats cannot be completely eliminated, only managed.

Earlier this month, device maker Johnson & Johnson mailed letters directly to patients warning of a security bug in one of its insulin pumps that could allow unauthorized access. Although Johnson & Johnson indicated a low probability that this vulnerability would be exploited, the company instructed users on a proactive approach for reducing the risk.

The U.S. Food and Drug Administration has encouraged medical device manufacturers to monitor and address cybersecurity risks as part of the postmarket management of products. In draft guidance published in January 2016, the FDA indicated that actions taken to address cybersecurity threats will be considered routine updates and patches which will not require advance notification or reporting to the agency.

Connectivity inevitably creates security vulnerabilities, making it challenging to completely secure medical devices. Therefore, stakeholders including patients, providers and manufacturers must continue to collaborate to manage the risk and minimize the potential for data breaches and patient harm.

For more articles and regular updates on legislative changes, regulatory developments and other news of interest to businesses, professionals and investors in the healthcare industry, please subscribe to Day Pitney's mailing lists.


Click here for more Healthcare Blogs from Day Pitney

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More