Why Medical Device Cybersecurity Matters

In our post-pandemic, socially distant world, tech-enabled distributed healthcare has become ubiquitous. As medical devices get more advanced to support this evolving landscape, so do the cyber-attacks that are being waged on these medical devices.

All software faces potential cybersecurity exposure. The threat is even more pronounced in healthcare, which has long been the target of cyber-attacks. Electronic health records are chock full of personal information. Beyond the patient’s name, address, and health information, their health records also contain their social security number, employer, and even credit card info.

Consider this: In 2020, more than 29 million healthcare records were breached, representing a 25% increase over the prior year. Since 2014, healthcare breaches have doubled. Hacking incidents accounted for 67% of data breaches and 92% of breached records. Since 2009, 78 million healthcare records have been breached.*

What the FDA says about cybersecurity for medical devices:

While security has always been a priority among regulatory bodies and medical manufacturers alike, the issue of medical device cybersecurity has taken center stage of late. The FDA requires medical device manufacturers to comply with quality system regulations (QSRs), which include a cybersecurity component. While the FDA offers pre- and post-market cybersecurity guidance and recommendations for the comprehensive management of medical device cybersecurity risks and continuous improvement throughout the product lifecycle, the ultimate responsibility falls on the manufacturer.

Two forms of cyber-harm:

When most people think of cyber-breaches, malicious hackers come to mind. And while cyber-hacking is a very real, rapidly growing threat, it is not the only threat:

• Hackers: In 2020, cyber-hackers got creative as new pandemic-related vulnerabilities emerged. Beyond phishing attacks and information theft, ransomware attacks took center stage as the year progressed—and they continue to be a huge problem. These attacks have been known to shut down IT systems and slow operations at hospitals and healthcare facilities across the U.S. Hackers will always be a threat to software-enabled medical devices, and they warrant vigilant attention.
• Accidental: While malicious actors remain a top concern, malice is not a prerequisite to harm. Equally as dangerous are the unintended threats, such as user error or a technology glitch. To that end, medical device design must include safeguards to prevent accidental harm as well as malice-based threats.

Because medical device vulnerabilities and threats cannot be eliminated entirely, the best way to minimize your risk is to design cybersecurity into it from the beginning. Cybersecurity in healthcare is particularly complex, requiring manufacturers, hospitals, and facilities to work together to manage the growing risks. Understanding the various components of an effective medical device cybersecurity policy is essential in this process. But you don’t have to go it alone.

At Sterling Medical Devices, we are experts in the FDA’s constantly evolving medical device cybersecurity guidelines, as well as European Union standards, and dozens of other government regulations. We know what it takes to design safe, compliant medical devices to protect your patients, your bottom line, and your brand.

For more information about how Sterling can help protect your medical device from cybersecurity threats, contact us here.

*Hippa Journal – 2020 Healthcare Data Breach Report: 25% Increase in Breaches in 2020