Article May 27, 2020

Medical devices: Security vs innovation

Innovation in the medical sector holds phenomenal opportunities, particularly when you look at what might be possible as devices become more interconnected.

New ideas and smarter devices are improving outcomes for patients in many different sectors of the healthcare system. However, it does mean there is a greater responsibility for the manufacturers, and they must prepare for new exposures and risks.

Healthcare companies using these devices usually hold incredibly sensitive data on their customers, making them a prime target for extortion and ransomware. But as companies up their usage of interconnected devices, they’re also becoming vulnerable to the threat of far more sinister cyber attacks.

It’s possible that hackers could soon infiltrate the systems of warning aids designed to alert healthcare professionals of patient problems, to infusion pumps programmed to release drugs into a patient’s body. Surgeries too could become a target, with hackers seeking to hold surgeons to ransom by restricting access to vital devices in the middle of procedures.

In cases like these, hospitals will likely be the primary target. But they won’t face liability for these attacks alone. Manufacturers and suppliers may also be called into question and could take some blame for weaknesses in their devices.

As the market for interconnected medical devices grows, so too will the responsibility of manufacturers. We can expect companies operating in this sector to incorporate more vulnerability scans and security assessments into their design processes, and on an ongoing basis once products are in use. We could even see hackers being employed by the sector, providing a new perspective on potential vulnerabilities.

There’s no doubt that the potential benefits of smarter interconnected devices far outweigh the negative impact that weaknesses could have. However, manufacturers must do all they can to limit exposures, and protect patient safety.

Manufacturers should now be taking a long-term approach to the prevention of cyber attacks, providing ongoing support to the companies that use their products. Not only will this limit liability claims and reputational damage, it could also help healthcare professionals and their patients to avoid the catastrophic effects of a large-scale cyber attack.

A version of this article originally appeared in MobiHealthNews.