May 16, 2017

Global cyberattack could have targeted medical devices

David Phillips / AP

Sapient Health's David Nickelson explains how the recent global cyber ransomware attack on hospital IT systems "is just the tip of the iceberg" when it comes to hacking opportunities in the health care industry, per the Harvard Business Review. Nickelson argues that cyber attacks on implanted or wearable medical devices are a much more serious threat.

The takeaways:

  • "Researchers in Belgium and the U.K. have demonstrated that it's possible to transmit life-threatening (if not fatal) signals to implanted medical devices such as pacemakers, defibrillators, and insulin pumps."
  • The electronic medical device market is estimated to hit $398 billion this year alone, but hospital IT networks "remain slow to address longstanding cybersecurity challenges that raise both privacy and potentially fatal health concerns."
  • Another red flag: older devices manufactured prior to 2014 — when the FDA issued its guidance — that aren't equipped with the updated software.

Nickelson's advice for reducing cyber risks:

  • "Asses device cybersecurity during procurement"; "Require basic cyber hygiene"; "Proactively access risks and patch vulnerabilities"; and "Stay alert and informed."
  • Start imposing penalties for noncompliance so that more attention is given to cybersecurity.
Go deeper