This article originally appeared in Healthcare Analytics News.
The U.S. Food and Drug Administration’s recently released guidelines on medical device security serve as a framework for healthcare providers to plan for and remediate cybersecurity threats and incidents. The FDA’s guidance is largely focused on how to respond to disruptive attacks once they occur. However, it’s equally critical to consider preventive measures that require pre-emptive action during the design phase of devices — with responsibility placed in the hands of the manufacturer.
Whether it’s a 12-year-old hacker or a nation state, the threat of device takeover is real. Devices that historically operated on a closed Ethernet network are now connected over a hospital network — always live and always transmitting data. These open networks allow manufacturers to make remote updates to connected IoT devices around the world, but with this on-demand connectivity come gaps in security. As technology advances and evolves, many electronic medical devices will collect important patient data and transmit that data over an open network. For device manufacturers, this means that it’s no longer simply about building great hardware — today’s devices are defined by their software.