• COVID-19
  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • Artificial Intelligence
    • Blockchain
    • Mobile Health
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage

Do We Know When Medical Devices Fail?

by Leon Lerman, Cynerio Co-Founder and CEO 01/20/2020 Leave a Comment

Do We Know When Medical Devices Fail?
Leon Lerman, Cynerio Co-Founder, and CEO

Since 2015, the FDA and the US Department of Homeland Security have been releasing warnings about products that due to their vulnerabilities threaten patient safety. This includes MRI machines and drug infusion pumps that supply patients with a wide diversity of drugs, including insulin, antibiotics, chemotherapy drugs, and pain relievers.  The interconnectivity of smart devices with medical clinical systems leaves them vulnerable to security breaches just like any other networked computing system.  If hackers succeed in tampering with medical devices, patient safety is at risk. 

Why Are Medical Devices Vulnerable?

Because updating equipment can be complicated with long delays before receiving patches and finding a convenient time to apply them, many hospitals are still running legacy operating systems that are no longer supported. Many medical devices have since been retrofitted so they can be networked, enabling data sharing in real-time with relevant systems for process automation and the ability to be managed remotely by vendors.   If a product is no longer receiving updates for known vulnerabilities, it could provide an entry or pivot point into a healthcare provider’s network putting patient safety and service availability at risk.  

Connected devices can also be adversely affected as a result of a hacker intruding into a hospital’s internal computer network to steal sensitive patient data.  WannaCry, a ransomware worm that resulted in more than $100 million dollars in damages and wasn’t even designed to target hospitals infected a  Bayer Medrad device used to help improve the quality of magnetic resonance imaging (MRI) scans.

In addition to having a direct impact on medical devices, over 19,000 appointments needed to be rescheduled.  A recent Vanderbilt study sound that was as many as 36 additional deaths per 10,000 heart attacks occurred annually at the hundreds of hospitals examined following a cybersecurity attack due to delays with treatments. For example, the researchers found that it took an additional 2.7 minutes for suspected heart attack patients to receive an electrocardiogram following cybersecurity attacks.

The risk is real and increasing all the time. Recently there were two FDA reports of devices presenting potential harm including Medtronic MiniMed™ insulin pumps, and telemetry technology used for communications between Medtronic’s implantable cardiac devices, clinic programmers, and home monitors that provide pacing for heart rhythms. Other vulnerabilities reported include Urgent/11 running on VX Works, EternalBlue running on Microsoft, NotPetya based on the same EternalBlue package as WannaCry, Sodinokibi malware running on Microsoft Win 7-10, and SACK Panic that resides in the TCP stack of the Linux kernels.  

In many cases, even a simple hacking into a hospital’s internal IT network can negatively impact medical device operations because they are so vulnerable. Hacking into a medical device doesn’t require sophisticated software or specialized expertise.  Two Austrian patients managed to tamper with their own infusion pumps to increase their dosage of morphine. 

Lack of Transparency

Not all device-related malfunctions are reported, so it’s difficult to know the full impact of malfunctioning devices on patient care. The FDA requires that device manufacturers report product defects but healthcare providers rarely effectively track their medical device performance.  As a result, device problems and their root causes are often not reported after they are deployed.  

In addition, the FDA has built and expanded a vast and hidden repository of reports on device-related injuries and malfunctions.  Since 2016, at least 1.1 million incidents have flowed into the internal “alternative summary reporting” repository, instead of being described individually in the public database known as MAUDE, which medical experts trust to identify problems that could put patients in jeopardy. Without full transparency, it is impossible to know how many of these devices’ faults were potentially due to tampering with the hospital’s internal network. 

Healthcare organizations also have practical challenges that can prevent full disclosure of device failures.  Overworked caregivers can often yank out a malfunctioning device and replace it without going through the recommended security procedures for investing the underlying causes of the problem. Due to medical device security falling between biomedical engineering and IT departments, it can be difficult to keep track of medical devices that have malfunctioned due to a security incident. Often institutions that have transparency into the impact of malfunctioning devices are not prepared to make this information public preventing the industry from having a realistic assessment of the full impact. 

There are steps healthcare organizations can take to have better visibility into medical device operations. Healthcare providers can maintain an up to date centralized repository of all their medical devices.  Automated systems can poll all the devices on the network to keep the inventory complete and up to date. The role of the device in clinical workflows can be included to analyze the full impact of a device malfunctioning on patient care and the protection of personal sensitive data.    In addition, the system can monitor communications between the devices on the hospital’s internal network to identify any anomalies which indicate there could be an intrusion.

Healthcare providers are becoming well aware that securing medical devices is a necessity.   Only after there are clear methods and systems in place for tracking and analyzing the cause of device failures can the full extent of the risk be known.  By having more visibility and better control over medical devices, health care organizations can better protect patient safety and ensure treatment continuity.  

About Leon Lerman

Leon brings over a decade of experience in cybersecurity enterprise sales, channel sales, and business development to establish Cynerio as a leading vendor in the healthcare cybersecurity space. Prior to Cynerio, Leon was the director of sales at Metapacket, where he led go-to-market strategy and execution. Prior to that, Leon held sales and sales engineering positions at RSA security, helping the largest enterprises in the region to solve their security problems. Leon served as an expert intelligence officer at 8200 in the Israel Defense Forces. 

RELATED:   Why Some COVID-19 Testing Protocols Aren’t What You Think

Tagged With: Biomedical Engineering, Cardiac Devices, Caregivers, clinical workflows, Cybersecurity, Cynerio, FDA, Heart, insulin, Malware, Medical Device, Medical Devices, Medtronic, Microsoft, Patient Care, patient safety, risk, Security Breaches, Telemetry

[ultimatesocial networks="facebook,twitter,google,linkedin,mail" url="" custom_class="us-posts-bottom" align="left" count="false"]

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

« Report: Epic Will Not Pursue Further Integration with Google Cloud
VA St. Louis to Provide Veterans with VR Therapy for Medical Conditions »

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Recent Articles

  • Cerner Leadership Changes, Other Key Executives Hires

    ... more
  • QGenda acquires Shift Admin – M&A

    QGenda Acquires Automated Provider Scheduling Platform Shift Admin – M&A

    ... more
  • Telehealth After COVID-19: What's Next for the Healthcare Industry?

    Transitioning from Traditional to E-Fax: How Healthcare Communications are Transforming Post-COVID

    ... more
  • FCC COVID-19 Telehealth Program Providers

    FCC Unveils 14 Initial Projects Selected for $100M Connected Care Pilot Program

    ... more

Most Read

  • CVS Health Launches Senior Medical Alert System, Symphony CVS Health Launches Senior Medical Alert System, Symphony
  • 30 Executives Share Top Healthcare Predictions & Trends to Watch in 2021 30 Executives Share Top Healthcare Predictions & Trends to Watch in 2021
  • 20 COVID-19 Predictions and Trends for 2021 - Executive Roundup 20 COVID-19 Predictions and Trends for 2021 – Executive Roundup
  • 20 COVID-19 Predictions and Trends for 2021 - Executive Roundup MEDITECH Launches Quick Vaccination Solution to Streamline COVID-19 Vaccination Process
  • ONC Issues First Health IT Standards Bulletin Discussing USCDI & SVAP ONC Issues First Health IT Standards Bulletin Discussing USCDI & SVAP
  • 16 COVID-19 Predictions and Trends for 2021 Executive Roundup 12-Available-COVID-19-Vaccine-Management-Solutions-to-Know-In-Depth-1 17 Recently Launched COVID-19 Vaccine Management Solutions to Know
  • FDA Approves COVID-19 Oral Fluid Test for Use Nationwide In-Depth: 32 FDA-Approved COVID-19 Testing Kits
  • COVID-19 Deferrals Lead to 3 Major Conditions Payers/Providers Must Address in 2021 COVID-19 Deferrals Lead to 3 Major Conditions Payers/Providers Must Address in 2021
  • 5G in Healthcare: 7 Advantages & Disadvantages for Providers to Know 5G in Healthcare: 7 Advantages & Disadvantages for Providers to Know
  • FCC COVID-19 Telehealth Program Providers FCC Unveils 14 Initial Projects Selected for $100M Connected Care Pilot Program

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • 2020 Editorial Calendar
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2021. HIT Consultant Media. All Rights Reserved. Privacy Policy |