Contact Us
Close Form

Interested in learning more about how we can work together in your current or next medical device design project?

Just fill out this form and we’ll be in touch!

  • This field is for validation purposes and should be left unchanged.

Wherever you are in your product development lifecycle,
Sterling can help.

P: 201-877-5682
F: 201-301-9169
info@sterlingmedicaldevices.com

Is Your Medical Device an Entry Point for a Cyber Attack?

Author: Keith Handler | Date: July 28, 2015

The Internet of Things (Iot), the continual proliferation of mobile medical devices, and the growing amount of data in hospital systems are trends medical device manufacturers should closely follow. Similarly, medical device manufacturers should track cybersecurity trends. Just last year the number of medical device cyber attacks on government systems grew to nearly 61,000*. Because lives are at stake when it comes to medical devices, the FDA has a strong interest in guiding manufacturers to help ensure safe medical devices in an increasingly interconnected world.

How Can a Hacker Use a Medical Device?

Most hospital systems have advanced levels of protection. Medical devices on the other hand, can be a point of vulnerability. Would-be hackers may be able to find weaknesses in hospital systems using medical devices as entry points to the network.

The end game with hacking medical devices is typically not to harm patients, but to gain access to patient and research data. This information, in turn, could be used to steal valuable background patient information such as social security numbers or gain access to a hospital’s financial system.

Stolen data or access from key hospital operational systems can also be used to bribe or blackmail hospital administrators to pay a ransom – or else face dangerous system malfunctions that can harm patients. Another scenario involves a ‘silent assassination’: undetectable malware that takes control of a drug pump to inject a deadly dose of medication to a patient**.

What Does the FDA Say About Medical Device Cybersecurity?

For the FDA, addressing medical device cybersecurity risks to lessen the threat of patient illness, injury, or death is a matter of shared responsibility: healthcare facilities, device manufacturers, providers, and patients must mitigate security threats together.

Here are three medical device cybersecurity concerns medical device manufacturers must consider:

  1. Each cybersecurity threat is unique, so no single approach can address every scenario.
  2. Connected medical devices (via wireless, wired, cellular, etc.) may not operate securely as intended leaving them vulnerable to hackers.
  3. The time it takes to get a medical device approved by the FDA can be lengthy, while cyber threats are constantly evolving.

In recent guidance, the FDA offers directives for medical device manufacturers, including developing “a set of cybersecurity controls to assure medical device cybersecurity and maintain medical device functionality and safety.” Example controls (where appropriate) include limiting access to users through authentication, automatic timed methods, stronger password protection, physical locks, and restricting firmware and software updates. The FDA guidance also recommends implementation of features that allow detection of security compromises, proper responses, and recovery of device reconfiguration***.

Utilizing design and development companies or in house experts that have cybersecurity experience, early in the development process, is of utmost importance. It is highly recommended that security safeguards be implemented during the medical device design stage to help ensure products released offer benefits that outweigh risks.

In today’s medical device world, people are looking to have their medical devices connected like it is with everything else they interact with. Cybersecurity safeguards need to be understood from a design and risk management perspective.

Visit our Cybersecurity page or contact Sterling Medical Devices now to learn how we can help keep your next device (or revision) secure from medical device cyber attacks.


References

* CNN.com, “Government hacks and security breaches skyrocket,” December 19, 2014

** Engineering and Technology Magazine, “Comment: Tackling malware in medical equipment,” July 14, 2015

*** U.S. Department of Health and Human Services Food and Drug Administration, Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” October 4, 2014

Share this!

Contact Us

  • This field is for validation purposes and should be left unchanged.

Resources

August 8, 2022

Medical Device Supply Chain

Medical Device Supply Chain Challenges and FDA Action Supply chain delays and disruptions can wreak havoc on any business, especially in the highly regulated medical device industry....
Read More >
View More Blogs

February 18, 2021

5 Mistakes Medical Device Startups Make

Startups are the lifeblood of medical device innovation. Without universities researching ways to solve pressing healthcare problems or doctors with experience in a particular field who have an idea to develop a prototype medical device that could help patients, the future technologies needed to help save lives wouldn't happen. But the long, arduous road through the FDA submission process to get market approval can take a long time and cost a lot of money without help. Sterling Medical Devices has been helping startups through the FDA approval process since 1998 without ever having a submission rejected.
Read More >
View More Videos
people developing a product

November 23, 2020

Sterling Helps Print Parts Win Contract with City of New York for Production of Medical-Grade Nasal Swabs

Sterling Medical Devices performed design services for a Class III breathing pacemaker with Major Level of Concern software, intended for use by patients who have lost neurological control of respiration. This life-sustaining device is comprised of two main components: an internal passive receiver and an external controller....
Read More >
View More Case Studies

Need help with your medical device?

Let Sterling Medical Devices show how to bring your idea from concept to prototype to
FDA/CE approval with a free custom project analysis.
Request Free Analysis