
Four Steps to Securing Your Company’s Medical Devices

Written by Mike Solinap
Published on November 7, 2018

Connected medical devices offer enormous opportunity for manufacturers and consumers alike. They also carry the burden of increased risk due to cybersecurity flaws. Think about the dangers of having your email or bank account hacked. Now consider the damage hacking a connected medical device or the information stored from it can do.

Medical information is some of the most sensitive information most people have. However, it’s not just the potential consequences of a database hack users of connected devices need to worry about. It’s also the spectre of an attack on the device itself — an attack that could easily be deadly.

Current FDA Guidelines

There are already FDA guidelines for connected medical devices, most recently updated in October 2018 with its Medical Device Cybersecurity Playbook developed with MITRE. The guidance seeks both to prevent unauthorized access to data and to protect the security of the device itself. There are a number of steps to protect end users, as well as company reputation:

  • Identification: Threats and vulnerabilities to assets should be identified prior to manufacturing a device.
  • Assessment: Both the impact of a threat and the likelihood of a threat must be assessed.
  • Design: Balancing risk against mitigation, you must design a device meeting FDA standards to protect your end users.
  • Monitoring: Your company must also monitor potential threats after the device goes to market to ensure the continued safety of the device.

Medical device security isn’t an abstract problem. In October 2018, Medtronic Plc disabled all downloadable updates to connected pacemakers, citing security issues. On a wider scale, the British National Health Service was effectively crippled by the WannaCry ransomware in April of the same year. Former Vice President Dick Cheney had his pacemaker disabled for fear of a hack.

It’s worth noting that every point of connectivity in a medical device is a potential entry point for hackers. This is why the FDA has stringent standards for connected devices. In our next blog post, we will discuss what to expect when going through your 510k approval process.
