Medical device security efforts ramp up
October 4, 2013 in Medical Technology
A non-profit organization focused on Internet security is looking to develop a set of benchmarks to protect medical devices from potentially fatal cyber attacks.
Officials with the Center for Internet Security said the benchmarks would help device manufacturers and healthcare providers protect such devices as insulin pumps, pacemakers and defibrillators from being hacked or damaged by malware.
“The technological advancements that enable healthcare providers to embed life-saving devices and treat patients remotely are tremendous. We must do everything we can to protect those devices and the patients who rely on them,” said William F. Pelgrin, CIS’ president and CEO, in a news release.
Rick Comeau, CIS’ executive director of security benchmarks, said the 13-year-old, New York-based organization, which addresses cyber security and response in a number of industries, ramped up its efforts in the healthcare sector when the Food and Drug Administration issued an alert last June on device security.
“That really elevated things from hypothetical to a concern,” he said.
At present, CIS has issued a request for information to medical device makers to participate in the development of security control guidelines. The group hopes to post benchmarks for insulin infusion pump technologies by the end of the year, and add new benchmarks for other devices in time.
“We put insulin infusion pumps out there, but we could have put any type of life-saving device out there first,” said Comeau. ‘Our intention right now is to get their attention … and expand the pool of collaboration (and) find the synergies.”
According to CIS officials, healthcare providers are beginning to routinely access implanted medical devices over the Internet, enabling them to manage the device and monitor and treat patients remotely. However, recent safety notices issued by the FDA and the Industrial Control Systems Cyber Emergency Response Team have pointed out that hardcoded password vulnerabilities have been found in as many as 300 medical devices.
“Cybersecurity threats and vulnerabilities continue to represent increasing concerns for medical devices,” said Deborah Kobza, executive director of the National Health Information Sharing and Analysis Center, which is partnering with CIS in the initiative. “The Center for Internet Security’s initiative provides healthcare stakeholders with a defining voice to help protect medical device confidentiality, integrity and availability and public health safety. The National Health ISAC is excited to help support this important initiative.”