Inside the Fight to Protect Medical Devices from Hackers

Blues Perspectives

| 3 min read

Inside the Fight to Protect Medical Devices from Hackers
Medical devices such as pacemakers, insulin pumps, and MRIs have transformed how patients manage and receive treatment for health conditions. However, as technology continues to advance rapidly, efforts to protect the security of these medical devices require constant vigilance.
Blue Cross Blue Shield of Michigan supports efforts to help medical device manufacturers remain secure from cyberattacks and maximize patient safety at health care facilities.

The Problem

Think of how often your smartphone software requires an update. Medical devices run software that also needs regular updating. However, the infrastructure to manage information technology varies widely among health care systems.
“Safeguarding connected devices is a significant challenge across all industries; however, when these devices are responsible for human lives and patient well-being, this is a health care issue that must be taken head-on industry-wide,” says Brent Cieszynski, Blue Cross Blue Shield of Michigan Chief Information Security Officer. “Cyber security needs to become an integral part of engineering and product development processes in an ‘always on/always connected’ product ecosystem.”
As such, if a device is incompatible with system upgrades, it may cause unintentional malfunctions. Medical devices are also managed through computer networks, which require enhanced security measures to ensure hackers cannot access sensitive medical information. If these medical devices such as MRIs and ultrasound machines malfunction or data is not available, procedures and treatments can be disrupted and patients can be put at risk.
There are cases of cyberattacks in which ransomware has been used against hospitals, temporarily preventing access to electronic health records.
According to a survey of IT professionals, more than 1 in 3 health care organizations globally reported being hit by ransomware in 2020. In fact, the industry experienced a 45% uptick just since November 2020, according to HealthITSecurity. Moreover, from January 2016 to December 2021, 374 ransomware attacks on US health care delivery organizations exposed the PHI of nearly 42 million patients. As the threat and sophistication of cyberattacks against medical technologies continues to rise, so does the need for increased safeguards.
Here is a helpful infographic from the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency showing how cyber threats target medical devices.

The Solution

The U.S. Food and Drug Administration works aggressively to reduce cybersecurity risks as pacemakers, insulin pumps and MRI machines become more advanced. The FDA regulates medical devices and provides guidance to help ensure manufacturers develop and maintain products that are cyber secure.
The FDA’s medical device guidelines help health care organizations identify software vulnerabilities and make better-informed decisions regarding security protocols. If the FDA identifies a perceived risk, it may issue a “safety communication” with steps for patients, providers and manufacturers to follow. The health care industry is acting quickly to comply with FDA regulations by implementing new technology to protect medical devices and patient information.

The Impact

Manufacturers must make certain changes before legally marketing their medical devices, but security comes at a cost. To stay secure, health care organizations need to upgrade older, more vulnerable equipment with newer devices—something many hospitals aren’t quick to do.
To safeguard sensitive data and improve patient safety, medical device manufacturers and health care organizations will need to spend more time and resources to help enhance product security. Artificial intelligence is expected to play a large role in helping to combat these types of vulnerabilities and threats.
Related content:
Photo credit: Getty Images
MI Blues Perspectives is sponsored by Blue Cross Blue Shield of Michigan, a nonprofit, independent licensee of the Blue Cross Blue Shield Association