• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Life Sciences
  • Investments
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage

Medical Device Cybersecurity Compliance Key to Avoiding Costly Litigation

by Fred Pennic 03/10/2017 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Top 5 Technology Trends in the Medical Devices Market

As more medical devices are connected to networks and the internet, or feature wireless capabilities, discussions related to the security of these devices are heating up. Not only are there real concerns about the ability of hackers to access protected data via these devices, thus causing major data breaches, there is also a growing concern about the potential for an attack on connected medical devices to cause patient injury. 

In fact, concern about the safety of these interoperable medical devices is so great that the FDA has released guidance for device developers and manufacturers related to their cybersecurity.

What Is the Risk?

Just a few years ago, former Vice President Dick Cheney made headlines when he dismantled the wireless capabilities of his pacemaker out of concern that the device could be used as a means of assassination. While some scoffed at the action as an overabundance of concern (or even paranoia), experts noted that the possibility of a connected pacemaker to be hacked is quite real.

In other words, any medical device that is connected to a network, whether implantable or external, could potentially be attacked and used to harm an individual. Just imagine the potential harm that could come when medical devices are intentionally (or even accidentally) infected with malware. A malfunctioning device like a pacemaker could lead to serious injury or even death.

While as of now, there haven’t been any documented cases of such attacks taking place, medical device manufacturers and government agencies are concerned, and working to establish protocols to prevent such attacks. Device manufacturers in particular are concerned, since failing to adequately secure a device could lead to costly litigation on behalf of injured patients.

The FDA Guidelines

In response to the cybersecurity risks, the FDA has drafted guidelines for device manufacturers designed to address cybersecurity concerns during premarket submissions. The guidelines fall into two categories:

1. Identify and protect and

2. Detect, respond and recover

The first category of guidelines focuses on manufacturers’ responsibility to identify and address potential risks before the device is released to the public. Manufacturers must identify and address potential vulnerabilities while still maintaining usability. Most importantly, the manufacturer must be able to explain and justify all its security decisions.

The second category of protocols is designed to address the manufacturer’s response in the event of a cyberattack. The FDA expects devices to have the ability to detect and respond to attacks in real time, and for there to be a plan of action for not only safeguarding the device’s ability to function, but also for informing patients of the attack and providing an action plan, which may include a recall. (For more information on product recalls and when they take place, this personal injury lawyer in San Antonio has an excellent resource.) The overall focus should be on protecting the consumer from serious injury, as well as keeping data safe from unauthorized access. 

Nonbinding Guidelines

Currently, the FDA guidelines regarding cybersecurity are non-binding, meaning that device manufacturers are not required to comply with all of them in order to gain approval. That being said, the general assumption is that the guidelines will become the standard in premarket submissions, and manufacturers who fail to comply will not receive FDA approval.

In the event that a device is approved despite not following all the guidelines, the manufacturer is leaving itself open to costly lawsuits should there be a failure, even with a subsequent recall.

What Device Manufacturers Should Do

In the interest of minimizing the cybersecurity risk of a medical device, manufacturers should make cybersecurity a priority at every stage of development, both in the pre-approval and post-market phases.  Not only should devices be designed and monitored to prevent breaches, and cybersecurity be a consideration throughout the lifecycle of the device, but there also needs to be guidance for all stakeholders (sales and marketing, physicians, patients, etc.) regarding the risks of a connected device and the potential threats to privacy and safety.

Connected medical devices can improve the overall delivery of healthcare and improve patient outcomes. However, as the threat landscape becomes more sophisticated, so must device manufacturers protections against attacks to prevent serious product liability and privacy litigation.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: Medical Device Cybersecurity

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Interview

Reach7 Diabetes Studios Founder Chun Yong on Reimagining Chronic Care with a Concierge Medical Model

Most-Read

Epic Launches Comet: A New AI Platform to Predict Patient Health Journeys

Epic Launches Comet: A New AI Platform to Predict Patient Health Journeys

Preparing for the ‘Big Beautiful Bill’: How Digitization Can Streamline Medicaid Eligibility & Social Care Delivery

Preparing for the ‘Big Beautiful Bill’: How Digitization Can Streamline Medicaid Eligibility & Social Care Delivery

Evernorth Health Services Invests $3.5B in Shields Health Solutions

Evernorth Health Services Invests $3.5B in Shields Health Solutions

KLAS Report: Oracle Health Faces Customer Losses and Declining Satisfaction

KLAS Report: Oracle Health Faces Customer Losses and Declining Satisfaction

Tempus AI Acquires Digital Pathology Leader Paige for $81.25M

M&A:Tempus AI Acquires Digital Pathology Leader Paige for $81.25M

Mira Launches Ultra4™, the First At-Home Hormone Monitor with Lab-Quality Insights

Femtech: Mira Launches Ultra4™, the First At-Home Hormone Monitor with Lab-Quality Insights

How Healthcare CIOs Can Solve the Unstructured Data Crisis and Reduce Storage Costs

How Healthcare CIOs Can Solve the Unstructured Data Crisis and Reduce Storage Costs

Healthcare C-Suite Acknowledges AI Potential but Lacks Trust

Sage Growth Partners Report: Healthcare C-Suite Acknowledges AI Potential but Lacks Trust

EVERSANA and Waltz Health Merge to Redefine Pharmaceutical Commercialization

EVERSANA and Waltz Health Merge to Redefine Pharmaceutical Commercialization

Advancing Diabetes Care: Combating Burnout and Harnessing Technology

Advancing Diabetes Care: Combating Burnout and Harnessing Technology

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |