FDA’s Use of “White Hat” Hacking Tools May Thwart Medical Device Cyber Threats

As healthcare organizations across the country continue to face cybersecurity threats, medical device security remains a top priority at the FDA. The FDA’s 2018 Medical Device Safety Action Plan included a number of steps to fight cyber threats such as mandating that medical device manufacturers build security updates and patch capabilities into their products as well as outlining procedures allowing for quick and organized disclosures of medical device vulnerabilities.

However, one approach to attacking healthcare cyber crime that has been less talked about—but that may be uniquely positioned to combat medical misinformation—is the FDA’s attempts to integrate “white hat” hacking techniques into its overall cybersecurity program.

Become a Subscriber

Please purchase a subscription to continue reading this article.

Subscribe Now

In an article in JAMA Viewpoint, former FDA Commissioner Robert Califf and Eric Perakslis of Duke University School of Medicine argued that the FDA can improve the chances that digital health and medical device technology can remain safe and secure by utilizing the same tools used by malicious hackers: “By adopting the toolsets used by their potential adversaries, it is likely that the FDA has significantly improved the likelihood that internet-connected medical devices will remain safe and resilient for patients by employing countertactics tailored to meet specific threats.”

The FDA is actively encouraging the use of white hat techniques by launching its #WeHeartHackers and urging medical device makers to join with cybersecurity researchers at international hacking conference DEF CON’s Biohacking Village in Las Vegas on August 8 – 11.

Both Califf and Perakslis agree that this approach is a necessary step in counteracting the potential of death or disability caused by the spread of misleading medical information. For example, Califf and Perakslis point to the misinformation surrounding vaccines that has led to the current outbreaks of measles in New York and the distortions about the efficacy of certain medications that causing some to avoid drugs that have been shown effective, such as chemotherapy for cancer or statins for coronary artery disease.

Ultimately, Califf and Perakslis conclude: "The wider medical and scientific establishment should follow the lead of the FDA’s #WeHeartHackers strategy and embrace the use of white hat techniques to confront medical misinformation."