Sterling Medical Devices & RBC Medical Innovations are combining to create Vantage MedTech! Meet RBC
Contact Us
Close Form

Interested in learning more about how we can work together in your current or next medical device design project?

Just fill out this form and we’ll be in touch!

  • This field is for validation purposes and should be left unchanged.

Wherever you are in your product development lifecycle,
Sterling can help.

P: 201-877-5682
F: 201-301-9169

Is Your Medical Device an Entry Point for a Cyber Attack?

Author: Keith Handler | Date: July 28, 2015

The Internet of Things (Iot), the continual proliferation of mobile medical devices, and the growing amount of data in hospital systems are trends medical device manufacturers should closely follow. Similarly, medical device manufacturers should track cybersecurity trends. Just last year the number of medical device cyber attacks on government systems grew to nearly 61,000*. Because lives are at stake when it comes to medical devices, the FDA has a strong interest in guiding manufacturers to help ensure safe medical devices in an increasingly interconnected world.

How Can a Hacker Use a Medical Device?

Most hospital systems have advanced levels of protection. Medical devices on the other hand, can be a point of vulnerability. Would-be hackers may be able to find weaknesses in hospital systems using medical devices as entry points to the network.

The end game with hacking medical devices is typically not to harm patients, but to gain access to patient and research data. This information, in turn, could be used to steal valuable background patient information such as social security numbers or gain access to a hospital’s financial system.

Stolen data or access from key hospital operational systems can also be used to bribe or blackmail hospital administrators to pay a ransom – or else face dangerous system malfunctions that can harm patients. Another scenario involves a ‘silent assassination’: undetectable malware that takes control of a drug pump to inject a deadly dose of medication to a patient**.

What Does the FDA Say About Medical Device Cybersecurity?

For the FDA, addressing medical device cybersecurity risks to lessen the threat of patient illness, injury, or death is a matter of shared responsibility: healthcare facilities, device manufacturers, providers, and patients must mitigate security threats together.

Here are three medical device cybersecurity concerns medical device manufacturers must consider:

  1. Each cybersecurity threat is unique, so no single approach can address every scenario.
  2. Connected medical devices (via wireless, wired, cellular, etc.) may not operate securely as intended leaving them vulnerable to hackers.
  3. The time it takes to get a medical device approved by the FDA can be lengthy, while cyber threats are constantly evolving.

In recent guidance, the FDA offers directives for medical device manufacturers, including developing “a set of cybersecurity controls to assure medical device cybersecurity and maintain medical device functionality and safety.” Example controls (where appropriate) include limiting access to users through authentication, automatic timed methods, stronger password protection, physical locks, and restricting firmware and software updates. The FDA guidance also recommends implementation of features that allow detection of security compromises, proper responses, and recovery of device reconfiguration***.

Utilizing design and development companies or in house experts that have cybersecurity experience, early in the development process, is of utmost importance. It is highly recommended that security safeguards be implemented during the medical device design stage to help ensure products released offer benefits that outweigh risks.

In today’s medical device world, people are looking to have their medical devices connected like it is with everything else they interact with. Cybersecurity safeguards need to be understood from a design and risk management perspective.

Visit our Cybersecurity page or contact Sterling Medical Devices now to learn how we can help keep your next device (or revision) secure from medical device cyber attacks.


*, “Government hacks and security breaches skyrocket,” December 19, 2014

** Engineering and Technology Magazine, “Comment: Tackling malware in medical equipment,” July 14, 2015

*** U.S. Department of Health and Human Services Food and Drug Administration, Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” October 4, 2014

Share this!

Contact Us

  • This field is for validation purposes and should be left unchanged.


Engineer examining results of 3D printed hand model

October 5, 2022

3D Printing in Medical Device Design

Innovation is the keystone of the medical device industry – companies constantly strive to use more advanced technologies to more efficiently create higher-quality devices. The use of 3D...
Read More >
View More Blogs

February 18, 2021

5 Mistakes Medical Device Startups Make

Startups are the lifeblood of medical device innovation. Without universities researching ways to solve pressing healthcare problems or doctors with experience in a particular field who have an idea to develop a prototype medical device that could help patients, the future technologies needed to help save lives wouldn't happen. But the long, arduous road through the FDA submission process to get market approval can take a long time and cost a lot of money without help. Sterling Medical Devices has been helping startups through the FDA approval process since 1998 without ever having a submission rejected.
Read More >
View More Videos

July 12, 2022

Scalp Cooling System

Overview Paxman has been pioneering scalp cooling technology for over a quarter of a century. Paxman’s clinically proven cold cap technology has helped over 100,000 cancer patients in more than 60...
Read More >
View More Case Studies

Need help with your medical device?

Let Sterling Medical Devices show how to bring your idea from concept to prototype to
FDA/CE approval with a free custom project analysis.
Request Free Analysis