In today’s hyper interconnected environment, cyberattacks can affect almost anyone. In business, practically all sectors and all business units use some type of software, and hackers are aggressive in probing for vulnerabilities and ways to penetrate organizations.
It’s by no surprise that they have been targeting the healthcare sector primarily because of how lucrative patient data is. Hackers can readily sell this data on the black market and command a rich premium.
Recently, however, medical devices have also become a target given how interconnected they are with other healthcare technology. Moreover, old medical devices remain prevalent and where there’s outdated technology there are many vulnerabilities and easy ways hackers can tinker with the device and infiltrate other connected systems.
The FDA has been under pressure to begin testing medical devices for cybersecurity. “The FDA recently recalled Abbott’s RF-enabled implantable cardioverter defibrillators (ICDs) and cardiac resynchronization therapy defibrillators (CRT-Ds),” GlobalData medical device analyst David Brown reports, “after a potential vulnerability was discovered that would allow an attacker to access the devices and rapidly deplete their battery stores or even issue improper cardiac pacing commands.”
“During the WannaCry Ransomware attack on the NHS in 2017, tens of thousands of appointments were cancelled and there were reports of ambulances being diverted to other facilities,” he comments. “While this likely didn’t cause much more than an annoyance for most, it is entirely possible that patient safety could be put at risk, especially if optimal ambulance routes are not able to be used.”
One corporation is serving as a key partner to the FDA, along with MITRE Corporation last year in October, the FDA launched a cybersecurity ‘playbook’ for healthcare providers with the aim of promoting cybersecurity safety. In addition, they announced two agreements which will unite multiple stakeholders to encourage transparency and data sharing around cybersecurity risks.
“While the document outlines a very high level process it does focus on a few key areas that must be focused on by healthcare providers at all levels,” Brown says. “Most vulnerabilities that are exploited come from out-of-date software, old equipment, and improperly designed IT and network systems. I see this playbook as a good start to a change in healthcare culture that takes cybersecurity seriously at all levels of care.”