It’s no secret that electronic medical devices have revolutionized the world of health care. Thanks to their innovations, we’re now able to support and treat patients in ways never thought possible, saving and changing lives for the better every day.
However, with this advancement has also come risk, where now more than ever health care devices and tools are at risk of being compromised by healthcare cyber attacks. In this article, we’ll discuss electronic medical devices, their potential to be hacked, and what it all means for the health system at large.
What Are Electronic Medical Devices?
Simply put, electronic medical devices are any apparatus or tool designed and used for the purpose of diagnosing, treating, mitigating or preventing health problems that are powered by electricity. They differ from other medical tools in that they require electronic circuitry to function and often include software that helps them to achieve their intended purpose.
The definition of EMDs encompasses a wide range of medical machines and products, including
- Implantable cardioverter defibrillators (ICDs)
- Infusion pumps
- X-ray machines
- CT scanners
- MRI machines
- Patient monitors for heart rate and blood pressure
The Issue Of Medical Device Security
The very thing that makes electronic medical devices so beneficial – their electronic circuitry and software – is also what makes them susceptible to hacking.
Due to their reliance on electronic components, EMDs are vulnerable to the same cybersecurity threats as any other type of computerized device. This means that they can be hacked in order to gain unauthorized access, change or delete data, or cause the device to malfunction.
The Potential For IoT Vulnerabilities
Because medical electronic devices are often connected to other devices and networks–such as hospital computers and patient medical records–they may also be vulnerable to threats posed by the internet of things (IoT).
The IoT is a network of physical devices, vehicles, home appliances and other items that are connected to the internet and can share data. This interconnectedness can make it easier for hackers to gain access to multiple devices at once if just one device on the network is unprotected.
For example, in 2017 the WannaCry ransomware attack affected more than 150 countries and infected more than 200,000 computers, including those used by hospitals and other health care organizations. This incident highlighted the potential for ransomware attacks on health care systems and likewise the importance of having medical IoT security plans and systems in place.
The Impact Of Medical Device IoT Hacking
So what happens when significant ransomware IT systems attack health care? While the full extent of the damage that can be caused by hacking a medical device is not yet known, it is clear that the potential for harm is significant.
One use of medical electronics is to monitor and treat patients with life-threatening conditions, which means that any malfunction or alteration of data could have serious consequences. In some cases, such as with pacemakers or other life support devices, hacking a medical device could even result in death.
In addition to the potential for physical harm to patients, medical hacking can also lead to disruptions in the delivery of health care services. This is because many hospitals and other health care organizations rely on networked medical devices to store and share data. If a medical device’s security is compromised, the data it contains may be altered or deleted, which could prevent doctors and other medical professionals from being able to provide the best possible care to their patients.
What Can Be Done About Medical Devices’ Security Risks?
Given the potential for harm posed by hacking a medical device, it is clear that steps need to be taken to improve patient safety and medical device security. The Food and Drug Administration (FDA) has taken the lead on this, investing in several efforts aimed at curbing the possibility of hacking medical devices.
Provision Of Responsibilities
In mitigating security vulnerabilities to medical machinery, the FDA advises that health care delivery organizations (HDOs) consistently review their networks as part of an ongoing risk management strategy. It also says that medical device manufacturers (MDMs) are responsible for maintaining vigilance over the cybersecurity risks inherent to their products, and should identify any medical device vulnerabilities before they are exploited.
The FDA states that both healthcare organizations and medical device manufacturers have a shared responsibility to implement appropriate mitigations and security solutions should any issues be found.
Official Guidance, Reports And Resources On Medical Cybersecurity Vulnerability
In addition to outlining the responsibilities of HDOs and MDMs, the FDA has also released guidance documents and resources aimed at improving medical device cybersecurity.
Examples include “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software” and “Postmarket Management of Cybersecurity in Medical Devices“, both of which are meant to provide in-depth clarification on how to address various aspects of medical device security.
The FDA has also released several reports on the topic, such as “Strengthening Cybersecurity Practices Associated with Servicing of Medical Devices: Challenges and Opportunities“. This report includes information on specific electronic devices that may be vulnerable to attack and provides guidance on how to reduce the risks posed by servicing them.
Collaboration With Agencies And Organizations
The FDA has also been working with other agencies and organizations to increaseawareness and action in regards to device cybersecurity. For example, the FDA has worked closely with groups such as the National Health Information Sharing & Analysis Center (NHISAC), Department of Homeland Security (DHS), and MediSAO (information sharing analysis organization) to release several memorandums of understanding aimed at securing medical devices to improve patient safety.
Today’s world is unbelievably connected, presenting our society with a unique set of both benefits and challenges to deal with. Connected medical devices are a great example of this, offering both advantages and risks when it comes to helping patients. Luckily, there are many organizations and individuals working hard to make sure that the benefits of this interconnectedness outweigh the challenges. With the right diligence and precautions, we can all enjoy the amazing opportunities that come with living in a modern world.
RBC Medical has been helping clinicians and commercial enterprises build and manufacture electronic medical devices for over 20 years. Our Advantage Platforms™ allow you to test devices to your specifications before you invest in a medical device prototype. All of our devices are secure and manufactured in compliance with FDA regulations. If you’re thinking of the next innovation in medical devices, let’s talk.