Medical devices, like other computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device. This vulnerability increases as medical devices are increasingly connected to the internet, hospital networks and to other medical devices.

All medical devices carry a certain amount of risk. The United States Food and Drug Administration (USFDA) allows devices to be marketed when there is a reasonable assurance that the benefits to patients outweigh the risks.

While the increased use of wireless technology and software in medical devices also increases the risks of potential cybersecurity threats, these same features also improve healthcare and increase the ability of healthcare providers to treat patients.

Among its recommendations for mitigating and managing cybersecurity threats, the USFDA suggests that medical device manufacturers remain responsible for, and vigilant about, identifying risks and hazards associated with their medical devices, including risks related to cybersecurity.

Network security

They are responsible for putting appropriate mitigations in place to address patient safety risks and ensure proper device performance. Hospitals and healthcare facilities should evaluate their network security and protect their hospital systems.

Some of the efforts undertaken by the USFDA include two safety communications discussing the cybersecurity vulnerabilities of two Hospira Infusion Pump Systems in May 2015.

It issued a communication on security vulnerabilities of Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems after an independent researcher pointed them out.

The researcher confirmed that it was possible to access the infusion system remotely through a hospital’s network.

Source: USFDA

Related Topics
comment COMMENT NOW