Ransomware attack demonstrates importance of medical device security

In May, 2017, the Wanna Cry ransomware impacted over 200,000 systems across over 150 different countries. These attacks seized control of computers and demanded payment in exchange for turning them back over to the victims. Most worrisome, the organizations affected included 47 trusts in the U.K.'s National Health Service, as well as hospitals in the U.S.

For makers of innovative medical products, this incident is a stark reminder of the importance of cybersecurity in today's highly connected healthcare ecosystems. The medical device design and development processes must take into account the constant and ever-evolving threats presented by hackers. Protecting the well-being and privacy of patients using wearable or implanted medical products is an essential task for manufacturers.

Understanding the dangers

Cybersecurity think tank the Ponemon Institute conducted a survey of 550 individuals working at medical device manufacturers or medical delivery organizations whose roles involve the security of devices. 67 percent of the respondents from manufacturers and 56 percent of those from HDOs said they considered an attack on a medical device their organizations built or used to be a likely possibility within the next year. Most were concerned about the devices not being tested frequently enough to find and address vulnerabilities before these attacks could occur.

According to the representatives of these companies, products remain at risk because of the time and costs involved in working out the complexities of secure coding and the challenges presented by production deadlines. As incorporating wearables into treatment and sharing data between devices become integral parts of clinical practice, it will only be more important to overcome these issues. Manufacturers that put forth the time and resources to ward off attacks and hacks will be positioned for long-term success in the industry.

Designing for security

It will require significant shifts in how many manufacturers routinely operate to continue gathering sensitive data in medical devices without major concerns about hackers. Every aspect of the development process, from the initial conception to the medical interface design, must take into account the ways devices are used in today's facilities and the risks to confidential patient information. The FDA has provided guidelines on best practices to protect data hygiene in new products and stay on top of long-term issues with device security.

Tracking vulnerabilities and working closely with cybersecurity experts will be essential to building devices that can meet not only today's threats but the ones that are coming next. Manufacturers must be especially aware of any risks to the health or privacy of patients and take action accordingly. Regular updates to the products in the form of software patches or other fixes is also a vital part of taking a proactive stance on stopping hackers.

The Wanna Cry attack brought cybersecurity to the forefront of the conversation about protecting patients and creating the next generation of medical devices. Organizations involved in medical product design and testing will face increasingly urgent calls for guarding systems against the determined, savvy individuals who are bent on seizing information or extorting money from healthcare providers. Manufacturers can play an important role in ensuring only the right people have control over medical data.