Sean Fenske, Editor-in-Chief11.01.23
It was only two Editor’s Letters ago when I was speaking about the digital transformation. In that issue, I specifically referred to conversations and encounters I had at the 2023 HIMSS event earlier this year. There were numerous positive aspects of that event and the future for healthcare’s digital future seemed bright. The transition plan was in good hands, as I mentioned in that write-up.
Fast-forward to The MedTech Conference—AdvaMed’s annual meeting—and you couldn’t throw a rock without hitting someone talking about digital health, artificial intelligence (AI), GenAI, data, cybersecurity, and ultimately, figuring out the best way to serve the true end customer—the patient—with a digital solution. It was yet another positive dynamic for a shift; that’s not a matter of if, but really a question of when or at least how long this transformation will take before those futuristic views become reality).
Last week (from the time I’m writing this) at MPO’s very own MPO Summit event, we had several sessions examining the digital health shift, challenges involved, and what we still need to address.
During our event, the chips shortage was mentioned (how improvements have been made and how the U.S. preparing to develop chips manufacturing is a good thing) and the future of digital health was deemed bright. Of course, we also had some “tough talk” about how many in the industry still needed to get more serious about cybersecurity and the threats around it.
Regardless of your outlook on the digital landscape, it’s undoubtedly the direction healthcare is headed, so it’s important to meet the challenges head on. As a result, there’s one item on my annual New Year’s Resolution list for 2024, because I still think its importance is underappreciated. Based on some of the discussions during the sessions at The MedTech Conference and the MPO Summit, I’m not that far off.
Cybersecurity is the sole item on my list this year. It is one of the fastest evolving aspects of the digital transformation for the medtech industry. A few years ago, FDA seemed to be a little lost in terms of the importance of this problem. Now, the agency has gained significant knowledge concerning cybersecurity, is releasing guidance documents to address it, and soon will deem it a cause for device review rejections—there are already cases of this.
I’ve been saying it for quite some time, but now is zero hour; if you are developing digital products and don’t have a plan for your cybersecurity apart from, “Who would want to hack that?” you had better be serious now. Your product will not make it through the FDA without such a plan, which includes ongoing updates to address new threats.
Unfortunately, this won’t be cheap. It will add costs to your product development, so it’s critical to truly analyze the benefits your desired digital capabilities will have. Is your feature a “must have” or a ”nice to have”? Does it make your device more vulnerable without adding true value? Companies must take a hard look at what types of digital products they produce and ensure they are up to the challenge of establishing cybersecurity.
This extends to their facilities, too. I’ve heard more than a handful of stories about companies being hacked and/or held for ransom, their data and systems made unavailable. Some fared better than others. Some had to pay the ransom, while others enlisted expert help to clean their systems. Those who prepared, of course, came out better than those without back-ups in place. But all of them paid some sort of price for their lack of protection against cyber attacks.
Whenever speaking about cybersecurity, I can’t help but be reminded of conversations I’ve had with Mike Drues, my co-host of the “Mike on Medtech” show (part of the “Medtech Matters” podcast). When it comes to cyber attacks, a device manufacturer need not fear the hacker, or even the FDA. The real fear is for the liability lawyer who will name your company in a suit because you didn’t have adequate security in place for your device, which was hacked and a patient harmed.
Christopher Gates, director of product security at professional medical device engineering firm Velentium, had particularly valuable comments at the MPO Summit. During his panel, he told the audience to (I’m paraphrasing) have someone like his fellow panelist—Jennifer Samproni, chief technology officer for Health Solutions at Flex—as their CTO because she had a wonderful vision of what digital health could be and her aspirations of where the industry should be headed were wonderful. But have someone like him in the trenches; getting dirty, ensuring the cybersecurity portion was solid and working to keep out attacks.
I hope you’re heeding that advice.
Sean Fenske, Editor-in-Chief
sfenske@rodmanmedia.com
Fast-forward to The MedTech Conference—AdvaMed’s annual meeting—and you couldn’t throw a rock without hitting someone talking about digital health, artificial intelligence (AI), GenAI, data, cybersecurity, and ultimately, figuring out the best way to serve the true end customer—the patient—with a digital solution. It was yet another positive dynamic for a shift; that’s not a matter of if, but really a question of when or at least how long this transformation will take before those futuristic views become reality).
Last week (from the time I’m writing this) at MPO’s very own MPO Summit event, we had several sessions examining the digital health shift, challenges involved, and what we still need to address.
During our event, the chips shortage was mentioned (how improvements have been made and how the U.S. preparing to develop chips manufacturing is a good thing) and the future of digital health was deemed bright. Of course, we also had some “tough talk” about how many in the industry still needed to get more serious about cybersecurity and the threats around it.
Regardless of your outlook on the digital landscape, it’s undoubtedly the direction healthcare is headed, so it’s important to meet the challenges head on. As a result, there’s one item on my annual New Year’s Resolution list for 2024, because I still think its importance is underappreciated. Based on some of the discussions during the sessions at The MedTech Conference and the MPO Summit, I’m not that far off.
Cybersecurity is the sole item on my list this year. It is one of the fastest evolving aspects of the digital transformation for the medtech industry. A few years ago, FDA seemed to be a little lost in terms of the importance of this problem. Now, the agency has gained significant knowledge concerning cybersecurity, is releasing guidance documents to address it, and soon will deem it a cause for device review rejections—there are already cases of this.
I’ve been saying it for quite some time, but now is zero hour; if you are developing digital products and don’t have a plan for your cybersecurity apart from, “Who would want to hack that?” you had better be serious now. Your product will not make it through the FDA without such a plan, which includes ongoing updates to address new threats.
Unfortunately, this won’t be cheap. It will add costs to your product development, so it’s critical to truly analyze the benefits your desired digital capabilities will have. Is your feature a “must have” or a ”nice to have”? Does it make your device more vulnerable without adding true value? Companies must take a hard look at what types of digital products they produce and ensure they are up to the challenge of establishing cybersecurity.
This extends to their facilities, too. I’ve heard more than a handful of stories about companies being hacked and/or held for ransom, their data and systems made unavailable. Some fared better than others. Some had to pay the ransom, while others enlisted expert help to clean their systems. Those who prepared, of course, came out better than those without back-ups in place. But all of them paid some sort of price for their lack of protection against cyber attacks.
Whenever speaking about cybersecurity, I can’t help but be reminded of conversations I’ve had with Mike Drues, my co-host of the “Mike on Medtech” show (part of the “Medtech Matters” podcast). When it comes to cyber attacks, a device manufacturer need not fear the hacker, or even the FDA. The real fear is for the liability lawyer who will name your company in a suit because you didn’t have adequate security in place for your device, which was hacked and a patient harmed.
Christopher Gates, director of product security at professional medical device engineering firm Velentium, had particularly valuable comments at the MPO Summit. During his panel, he told the audience to (I’m paraphrasing) have someone like his fellow panelist—Jennifer Samproni, chief technology officer for Health Solutions at Flex—as their CTO because she had a wonderful vision of what digital health could be and her aspirations of where the industry should be headed were wonderful. But have someone like him in the trenches; getting dirty, ensuring the cybersecurity portion was solid and working to keep out attacks.
I hope you’re heeding that advice.
Sean Fenske, Editor-in-Chief
sfenske@rodmanmedia.com