Med device cybersecurity warnings will only grow, privacy expert says

Consumers and providers should expect to soon see more warnings related to cybersecurity vulnerabilities in medical devices, according to Kevin Fu, an associate professor of electrical engineering and computer science and director of the security and privacy lab at the University of Michigan.

Fu, in an interview with HealthcareInfoSecurity, is referring to warnings similar to one issued by the U.S. Food and Drug Administration about vulnerabilities found in Hospira infusion pumps. He predicts there will be more alerts simply because there are so many legacy devices from so many different manufacturers with varying degrees of cybersecurity savvy.

"It's not too surprising to me that there'll be cybersecurity flaws since many of the devices on the market were not designed with security requirements from the get-go," he says.

One major problem, Fu says, is that such devices have a very long lifecycle and that security wasn't really on the radar 15 years ago. Some healthcare systems are dealing with the problems of vulnerable designs by exercising "the power of the purse."

Security vulnerabilities of medical devices, especially as the Internet of Things grows, is a rising concern in the healthcare industry. Two security researchers recently found thousands of medical devices vulnerable to attack and left exposed online, including anesthesia devices, infusion systems, pacemakers and more.

Device makers also are grappling with how to apply older laws, such as HIPAA and federal privacy standards, to the use of new technology, Anna Spencer, a partner and team leader for health information policy in law firm Sidley Austin, also pointed out recently.

To learn more:
- listen to the interview