With new stories continually emerging about data breaches at major companies, cyber security has never been more paramount in the minds of individual citizens, IT professionals and governments than ever before. Alarmingly, recent studies have revealed that medical devices used in healthcare facilities and hospitals are currently some of the most vulnerable systems open to attack.
In response to this, the Food and Drug Administration is now working to strengthen the security of the devices utilized in hospitals and other facilities to better shield them from potential abuse or attack that could put patients’ health and even patients’ lives at risk.
New FDA Recommendations
In response to concerns, the FDA has released a long-awaited list of recommendations designed to beef up the security of medical devices. As part of the recommendations, manufacturers are now advised to take into account cyber security as part of the design of these devices. Device makers are now required to submit their research on potential risks and the security measures implemented in order to minimize these risks. In addition, device manufacturers are also required to submit plans on how they will handle future risks that might be discovered, through patching or other means.
The FDA has stated that while these new guidelines will require additional written information from manufacturers, they do not expect the examination of these materials will increase the time it takes for approval of new medical devices.
Not a Cure
While the new guidelines from the FDA are a good start, they are not an ultimate cure for the problem. In most cases, medical devices are installed and managed on each hospital’s network. It is also up to the hospital’s IT staff to ensure the safety and security of these devices. In most cases, security teams on staffs at hospitals are few and far between, making response to a breach more difficult. In addition to stronger hardware based security on the medical devices, hospitals themselves need to also make security a priority in order to ensure optimal protection for its patients.
Types of Attacks
In 2013, the main focus of cyber attacks seems to have been on stealing patient information, and the medical industry was responsible for more lost and stolen data than any other industry. Today, however, the nature of the attacks has changed as more and more the target is simply the technology that supports the industry and hospitals. Because of this, the need for more security has never been more important as these attacks could lead to lower patient care and can even danger to many patients.
The threat of cyber security has never been greater to all industries. However, it simply cannot be understated in the medical industry. The need to keep the personal information of patients safe is paramount and with the threat of attack to the technology supporting hospitals and other healthcare facilities increasing, presumable with the idea of holding medical institutions to ransom, the responsibility of both the manufacturers of medical equipment as well as the hospitals themselves has never been greater. Without added security, patients’ very lives could be at risk as the attacks continue and increase in frequency and ferocity each and every day.