Medical device cybersecurity is the term for the tools and mechanisms that prevent cyber attackers from gaining unauthorized access to, or control over, medical devices and the data they generate.
What is IoMT?
Smart monitoring medical devices are part of the Internet of Medical Things (IoMT): medical devices that send patients' information to healthcare professionals over an internet connection. IoMT devices allow rapid and flexible analysis of medical data by automatically updating doctors about a patient's glucose, temperature, or heart rate without the need to schedule a visit.
IoMT is big. According to a recent Deloitte survey, the overall IoMT market is expected to grow from $41 billion in 2017 to $158 billion by 2022. As the Internet of Medical Things industry grows, it is important to be aware of the threats that transmitting patient information through smart devices can pose, and of how medical device cybersecurity protects the data and controls who receives it.
While Internet-connected medical devices are revolutionizing the way healthcare providers monitor and treat patients, the digital, automatically generated data also creates opportunities for attackers to steal highly personal information through cyberattacks, hold patient information hostage, or even interfere with a device by controlling it remotely.
Smart medical devices store and generate patient information through the combination of sensory inputs and software. The types of data stored can include personally identifiable information (PII), protected health information (PHI) or payment card industry (PCI) data. Cyber attackers may try to gain access with the purpose of withholding valuable information from healthcare providers, hospitals or insurance companies, forcing them to pay a ransom to regain access to it.
According to the National Vulnerability Database, 18,353 vulnerabilities were reported in 2020. That’s almost 3 times the volume of vulnerabilities reported five years ago, and higher than any year in the previous two decades.
Having a cybersecurity defense plan for medical devices is critical for any organization that uses the Internet of Medical Things (IoMT) to assist in healthcare operations. The U.S. Food and Drug Administration (FDA) regulates medical devices and works aggressively to reduce cybersecurity risks. The FDA shares this responsibility with device manufacturers, hospitals, health care providers, security researchers, and other government agencies.
If the FDA finds a weakness in software or hardware that could pose a risk, it may issue a safety communication: a recommendation with data about the vulnerability detected, as well as actions that patients, providers and manufacturers can take to protect their information.
The future of medical cybersecurity
Medical device manufacturers play an essential role in protecting the infrastructure of global healthcare. As we move into a more connected medical future, and to ensure products are used safely and securely, manufacturers must take an active role in sharing information about the latest emerging threats, new vulnerabilities in technologies, and what patients can do to stay safe.