Inside the Fight to Protect Medical Devices from Hackers

Inside the Fight to Protect Medical Devices from Hackers

Medical devices such as pacemakers, insulin pumps and MRIs have transformed the way patients manage and receive treatment for health conditions. But as technology continues to advance at a rapid pace, efforts to continually protect the security of these medical devices requires constant vigilance. Blue Cross Blue Shield of Michigan supports efforts to help medical device manufacturers remain secure from cyberattacks and maximize patient safety at health care facilities.

The Problem

Think of how often your smartphone software requires an update. Medical devices run software that also needs regular updating, however the infrastructure to manage information technology varies widely among health care systems. “Safeguarding connected devices is a significant challenge across all industries; however, when these devices are responsible for human lives and patient well-being, this is a health care issue that must be taken head-on industry-wide,” says Brent Cieszynski, Blue Cross Blue Shield of Michigan Chief Information Security Officer. “Cyber security needs to become an integral part of engineering and product development processes in an ‘always on/always connected’ product ecosystem.”

As such, if a device is not compatible with system upgrades it may create unintentional malfunctions. Medical devices are also managed through computer networks, which require enhanced security measures to ensure hackers cannot access sensitive medical information. There are cases of cyberattacks in which ransomware has been used against hospitals, temporarily preventing access to electronic health records. In fact, nearly 50 percent of all ransomware attacks in 2017 affected the health care industry. If these medical devices such as MRIs and ultrasound machines malfunction or data is not available, procedures and treatments can be disrupted and patients can be put at risk.

The Solution

The FDA recently approved a cybersecurity bill of materials, a measurable extension of its 2014 guide. In it, they list the commercial software and hardware device components that are prone to corruption. This bill of materials will help health care organizations identify software vulnerabilities and make better informed decisions about which security systems are in place.  The health care industry is acting quickly to comply with FDA regulations by implementing new technology to protect medical devices and patient information.

The Impact

Manufacturers must make certain changes before legally marketing their medical devices, but security comes at a cost. To stay secure, health care organizations need to upgrade older, more vulnerable equipment with newer devices—something many hospitals aren’t quick to do. To safeguard sensitive data and improve patient safety, medical device manufacturers and health care organizations will need to spend more time and resources to help enhance product security. Artificial intelligence is expected to play a large role in helping to combat these types of vulnerabilities and threats.

Learn more about how Blue Cross keeps your medical information safe by reading these other blogs:

Photo Credit: Christina Morillo

Leave a Comment

Your email address will not be published. Required fields are marked *