Just as the transition from paper to electronic health records left hospitals vulnerable to cyberattacks, medical devices with wireless capabilities are expected to become a prime target for hackers.
Hospitals are coming off a record-setting year of EHR breaches and continue to face an ongoing barrage of threats. Although hackers have not launched a successful attack on healthcare devices yet, the patient safety implications of an attack have made cybersecurity a priority among device manufacturers, hospital CISOs and the FDA.
RELATED: HIMSS 2017—FDA debunks 4 medical device cybersecurity myths
“The medical device industry, I would say in the last two-and-a-half years or so, has gone from general understanding of the issue, general participation to extreme awareness and participation in cybersecurity efforts," Zach Rothstein, associate vice president at the Advanced Medical Technology Association, told The Hill.
Michael McNeil, Global product security and services officer at Royal Philips, addressed some of the cybersecurity risks device manufacturers face during a House subcommittee hearing earlier this month, highlighting the value of public-private partnerships and information sharing within the industry. McNeil told lawmakers it was critical for manufacturers to stay on top of emerging threats during each stage of a device’s life cycle.
RELATED: FDA to med device makers: We must work together on security
In the past year, Johnson & Johnson and St. Jude Medical have dealt with cybersecurity vulnerabilities linked to insulin pumps and cardiac devices. Although both companies said hackers did not successfully access the devices, the industry is likely to face mounting pressure when hackers figure out how to monetize an attack, perhaps with a form of ransomware that has already been used against providers.
As the threat of hacking intensifies, so too will the liability risks, Melissa Markey, a technology and cybersecurity lawyer at Hall Render, told The Hill. In response, the industry may take a cue from vaccine manufacturers and create a national compensation program.
"There are some people who hack because this is a money-making opportunity, and there will be people who figure out how to hack medical devices in order to make money," she said.