• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

Medical Device Cybersecurity Compliance Key to Avoiding Costly Litigation

by Fred Pennic 03/10/2017 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Top 5 Technology Trends in the Medical Devices Market

As more medical devices are connected to networks and the internet, or feature wireless capabilities, discussions related to the security of these devices are heating up. Not only are there real concerns about the ability of hackers to access protected data via these devices, thus causing major data breaches, there is also a growing concern about the potential for an attack on connected medical devices to cause patient injury. 

In fact, concern about the safety of these interoperable medical devices is so great that the FDA has released guidance for device developers and manufacturers related to their cybersecurity.

What Is the Risk?

Just a few years ago, former Vice President Dick Cheney made headlines when he dismantled the wireless capabilities of his pacemaker out of concern that the device could be used as a means of assassination. While some scoffed at the action as an overabundance of concern (or even paranoia), experts noted that the possibility of a connected pacemaker to be hacked is quite real.

In other words, any medical device that is connected to a network, whether implantable or external, could potentially be attacked and used to harm an individual. Just imagine the potential harm that could come when medical devices are intentionally (or even accidentally) infected with malware. A malfunctioning device like a pacemaker could lead to serious injury or even death.

While as of now, there haven’t been any documented cases of such attacks taking place, medical device manufacturers and government agencies are concerned, and working to establish protocols to prevent such attacks. Device manufacturers in particular are concerned, since failing to adequately secure a device could lead to costly litigation on behalf of injured patients.

The FDA Guidelines

In response to the cybersecurity risks, the FDA has drafted guidelines for device manufacturers designed to address cybersecurity concerns during premarket submissions. The guidelines fall into two categories:

1. Identify and protect and

2. Detect, respond and recover

The first category of guidelines focuses on manufacturers’ responsibility to identify and address potential risks before the device is released to the public. Manufacturers must identify and address potential vulnerabilities while still maintaining usability. Most importantly, the manufacturer must be able to explain and justify all its security decisions.

The second category of protocols is designed to address the manufacturer’s response in the event of a cyberattack. The FDA expects devices to have the ability to detect and respond to attacks in real time, and for there to be a plan of action for not only safeguarding the device’s ability to function, but also for informing patients of the attack and providing an action plan, which may include a recall. (For more information on product recalls and when they take place, this personal injury lawyer in San Antonio has an excellent resource.) The overall focus should be on protecting the consumer from serious injury, as well as keeping data safe from unauthorized access. 

Nonbinding Guidelines

Currently, the FDA guidelines regarding cybersecurity are non-binding, meaning that device manufacturers are not required to comply with all of them in order to gain approval. That being said, the general assumption is that the guidelines will become the standard in premarket submissions, and manufacturers who fail to comply will not receive FDA approval.

In the event that a device is approved despite not following all the guidelines, the manufacturer is leaving itself open to costly lawsuits should there be a failure, even with a subsequent recall.

What Device Manufacturers Should Do

In the interest of minimizing the cybersecurity risk of a medical device, manufacturers should make cybersecurity a priority at every stage of development, both in the pre-approval and post-market phases.  Not only should devices be designed and monitored to prevent breaches, and cybersecurity be a consideration throughout the lifecycle of the device, but there also needs to be guidance for all stakeholders (sales and marketing, physicians, patients, etc.) regarding the risks of a connected device and the potential threats to privacy and safety.

Connected medical devices can improve the overall delivery of healthcare and improve patient outcomes. However, as the threat landscape becomes more sophisticated, so must device manufacturers protections against attacks to prevent serious product liability and privacy litigation.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: Medical Device Cybersecurity

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

 Selecting the Right EMR: A Practical Guide to Streamlining Your Practice and Enhancing Patient Care

Selecting the Right EMR: A Practical Guide to Streamlining Your Practice and Enhancing Patient Care

Featured Interview

Virta Health CEO: GLP-1s Didn’t Kill Weight Watchers, Its Broken Model Did

Most-Read

Beyond the Hype: Building AI Systems in Healthcare Where Hallucinations Are Not an Option

Beyond the Hype: Building AI Systems in Healthcare Where Hallucinations Are Not an Option

Health IT Sector Navigates Policy Turbulence with Resilient M&A

Health IT’s New Chapter: IPOs Return, Resilient M&A, Valuations Rise in 1H 2025

PwC Report: US Medical Cost Trend to Remain Elevated at 8.5% in 2026

PwC Report: US Medical Cost Trend to Remain Elevated at 8.5% in 2026

Philips Launches ECG AI Marketplace, Partnering with Anumana to Enhance Cardiac Care with AI-Powered Diagnostics

Philips Launches ECG AI Marketplace, Partnering with Anumana to Enhance Cardiac Care with AI-Powered Diagnostics

WeightWatchers Emerges from Bankruptcy, Launches New Menopause Program

WeightWatchers Emerges from Bankruptcy, Launches New Menopause Program

CMS Finalizes New Interoperability and Prior Authorization Rule

CMS Proposes 2026 Physician Fee Schedule Rule: Boosting Primary Care, Cutting Waste, and Modernizing Payments

Beyond SaaS: How Agent as a Service is Transforming Healthcare Automation

Beyond SaaS: How Agent as a Service is Transforming Healthcare Automation

New Strategies Needed: No Surprises Act and the Challenges for Payors with Provider Data Inaccuracies

Samsung Acquires Xealth to Accelerate Connected Care Vision

Samsung Acquires Xealth to Accelerate Connected Care Vision

AI Dominates Digital Health Investment in First Half of 2025

Rock Health Report: AI Dominates Digital Health Investment in First Half of 2025

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |