We Are at War
Medicine and healthcare are in a cyberwar with hackers. Mobile devices and large health-care databases are the targets. The weapons are patience, smart technology, and algorithms. Cybersecurity is the only defense, and outsourcing cybersecurity companies working in the medical field are mushrooming.
The digital revolution birthed the cybersecurity industry (CSI), but data miners give it momentum and gravitas. CSI spending is expected to reach $1 trillion globally over the next five years, with 12 percent to 15 percent year-over-year growth. Hacking of personal, corporate, medical, and government systems and smart devices is omnipresent. POTUS emails were hacked. SONY suffered financial losses after ideological cyber-attacks, and the 2016 Democratic Party convention turned from ardent to fractious after hacked emails were released.
They Can Kill You over the Internet
On October 4, 2016, Jim Finkle of Reuters reported the first manufacturer warning in the nation to diabetics using wireless insulin pumps that their mobile device is vulnerable to hacking. Makers of pacemakers and defibrillators also expressed concerns about their vulnerability to cyber-attacks.
The Food and Drug Administration (FDA) issued warnings in 2015 about cyber bugs in infusion pumps from Hospira. On January 22, 2016, the FDA issued draft guidance measures for “Postmarket Management of Cybersecurity in Medical Devices.”
Here are several proactive measures companies can take:
* Be transparent in assessing and sharing device vulnerabilities
* Invest in cybersecurity research and development to disclose unknown vulnerabilities, and build firewalls to protect device interoperability
* Employ data encryption to secure data transfer from patients to doctors
* Have cybersecurity professionals design cybersecurity methods for connecting wearable devices, and change default device passwords regularly
* Engage physicians and federal regulators as partners for ensuring patient safety
Johnson & Johnson is working with cybersecurity outsourcers to prevent hackers from causing the device to deliver unauthorized insulin injections. For instance, Internet communications of the device are currently not encrypted or scrambled.
Hacking is difficult, and J&J believes there is a low risk, but the company suggests changes to the wireless asset of the device and limiting the maximum insulin dose.
Certify It Works; Certify It’s Safe
No patient wearing a mobile medical device has yet been reported harmed or killed by hacking of the device. Yet no mobile medical device should be sold into the market until certified safe by a cybersecurity company.
Hackers are targeting the industry. They invade health-care and hospital databases. Eighty-five percent of medical practices and hospitals reported data breaches in 2014, costing millions of dollars in payments to hackers and to cybersecurity specialists to repair breaches. One company allegedly paid a ransom for the return of breached files.
PwC, a private firm, expects $285 billion in devices will be Internet connected in the next four years. Security breaches are dangerous and costly, so medical device makers had better partner with outsourcers to protect their products against hackers before the problems become unmanageable.