Explore the most recent editions of MPO Magazine, featuring expert commentary, industry trends, and breakthrough technologies.
Access the full digital version of MPO Magazine anytime, anywhere, with interactive content and enhanced features.
Join our community of medical device professionals. Subscribe to MPO Magazine for the latest news and updates delivered straight to your mailbox.
Explore the transformative impact of additive manufacturing on medical devices, including design flexibility and materials.
Learn about outsourcing options in the medical device sector, focusing on quality, compliance, and operational excellence.
Stay updated on the latest electronic components and technologies driving innovation in medical devices.
Discover precision machining and laser processing solutions that enhance the quality and performance of medical devices.
Explore the latest materials and their applications in medical devices, focusing on performance, biocompatibility, and regulatory compliance.
Learn about advanced molding techniques for producing high-quality, complex medical device components.
Stay informed on best practices for packaging and sterilization methods that ensure product safety and compliance.
Explore the latest trends in research and development, as well as design innovations that drive the medical device industry forward.
Discover the role of software and IT solutions in enhancing the design, functionality, and security of medical devices.
Learn about the essential testing methods and standards that ensure the safety and effectiveness of medical devices.
Stay updated on innovations in tubing and extrusion processes for medical applications, focusing on precision and reliability.
Stay ahead with real-time updates on critical news affecting the medical device industry.
Access unique content and insights not available in the print edition of the MPO Magazine.
Explore feature articles that delve into specific topics within the medical device industry, providing in-depth analysis and insights.
Gain perspective from industry experts through regular columns addressing key challenges and innovations in medical devices.
Read the editor’s thoughts on the current state of the medical device industry.
Discover the leading companies in the medical device sector, showcasing their innovations and contributions to the industry.
Explore detailed profiles of medical device contract manufacturing and service provider companies, highlighting their capabilities and offerings.
Learn about the capabilities of medical device contract manufacturing and service provider companies, showcasing their expertise and resources.
Watch informative videos featuring industry leaders discussing trends, technologies, and insights in medical devices.
Short, engaging videos providing quick insights and updates on key topics within the medical device industry.
Tune in to discussions with industry experts sharing their insights on trends, challenges, and innovations in the medical device sector.
Participate in informative webinars led by industry experts, covering various topics relevant to the medical device sector.
Stay informed on the latest press releases and announcements from leading companies in the medical device manufacturing industry.
Access comprehensive eBooks covering a range of topics on medical device manufacturing, design, and innovation.
Highlighting the innovators and entrepreneurs who are shaping the future of medical technology.
Explore sponsored articles and insights from leading companies in the medical device manufacturing sector.
Read in-depth whitepapers that explore key issues, trends, and research findings for the medical device industry.
Discover major industry events, trade shows, and conferences focused on medical devices and technology.
Get real-time updates and insights live from the CompaMed/Medica conference floor.
Join discussions and networking opportunities at the MPO Medtech Forum, focusing on the latest trends and challenges in the industry.
Attend the MPO Summit for insights and strategies from industry leaders shaping the future of medical devices.
Participate in the ODT Forum, focusing on orthopedic device trends and innovations.
Discover advertising opportunities with MPO to reach a targeted audience of medical device professionals.
Review our editorial guidelines for submissions and contributions to MPO.
Read about our commitment to protecting your privacy and personal information.
Familiarize yourself with the terms and conditions governing the use of MPOmag.com.
What are you searching for?
AdvaMed panel provides insight on the issue.
October 5, 2012
By: Niki Arrowsmith
NULL
There never has been a real-world case of medical device hacking. Yet concern is high, and that’s a good thing—proactivity when the stakes are this high certainly is better than reactivity. The medical device industry knows that in an age where wireless devices increasingly are being connected to central information centers, hacking not only is a possibility, but also a real risk. Regulators are paying attention to the issue as well. On Oct 3. at AdvaMed 2012 The Medtech Conference, a panel discussed the “hackable body” and whether this issue is one in which companies should be paying more attention. Moderating the panel was Arezu Sarvestani, west coast bureau chief of medical device news website MassDevice. Joining her were Dale Nordenberg, M.D., founder of the Medical Device Innovation, Safety and Security Consortium; Lynnette Sherrill, deputy director of the health information security division of the U.S. Department of Veterans Affairs; Brian Fitzgerald, deputy director of the electrical and software engineering division at the U.S. Food and Drug Administration’s (FDA’s) Center for Devices and Radiological Health (CDRH); and Santhosh Nair, general manager of the intelligent systems group at Wind River, a software company now owned by Intel Corporation. Although there has not been an actual case of medical device hacking, in October 2011 security software company McAfee Inc. revealed it had exposed a weakness in a Medtronic Inc. insulin pump by “ethically hacking” the device (performed specifically to demonstrate it could be done). This incident, and the rise in mobile health products, has prompted a close review of such devices and their security. Considering the facts, Sarvestani wanted to know the appropriate level of concern that should exist in the industry. Nordenberg outlined questions device manufacturers should ask themselves; among them are the breadth of a device’s exposure, its potential impact, and the ability to prevent a potential adverse impact. According to Nordenberg, there are about 1 billion patient encounters with physicians or other medical care professionals annually, both inpatient and outpatient. Those encounters do not include exposure to medical devices—sometimes, a patient receives a X-ray, and other times, as in an emergency room visit or a stint in the intensive care unit, a patient comes into contact with hundreds of devices and pieces of equipment. “From an epidemiological perspective, if you’re not looking for something, you’re not going to find it,” Nordenger said regarding breaches of device security. “The fact that we haven’t found anything doesn’t mean anything. We haven’t established systematic surveillance for hacking. We don’t have the necessary infrastructure systems to quantify that.” “From an FDA perspective, it falls into realm of reasonably foreseeable risk,” replied Fitzgerald. “Not long ago, we’d never have thought [hacking] would be intentional.” Nair highlighted that medical devices primarily are designed to be safe and effective. Unlike technology designed for entertainment, for instance, medical devices specifically are meant to heal or save lives, so safety is a given. The notion of additional “security” does not instinctively come into play. Technology in other industries such as aerospace, which is much more advanced, must undergo constant certification to ensure the security of software and components. “We have a long way to go,” Nair said of medical devices, “but we’re going in the right direction.” Sherril outlined some of the ways in which enterprise (non-embedded) medical devices and equipment used in veteran care already have successfully manually managed security systems, but Nair pointed out the problem with that: “When you have a secure, manually managed system, there is no incentive to upgrade, and intended use of medical devices gets very outdated very quickly. It causes different kind of problems, and that’s common in any industry—unintended consequences.” Sherrill agreed. “For years in the energy sector, those devices were isolated like medical devices, not intended to connect to networks. As soon as you do that it opens the door [to vulnerability].” Sherrill was referring to the cyber-attack on Iran’s nuclear energy plant in 2010. The virtual “worm” reportedly was capable of assuming control of systems at the plant. This is disastrous enough in terms of a nuclear plant, but in terms of medical devices, the direct result could potentially lead to death, or at the very least, an invasion of privacy. Last year, three senior U.S. House of Representatives Democrats– Rep. Donna F. Edwards (D-Md.), Anna G. Eshoo (D-Calif.), and Edward J. Markey (D-Mass.)—requested a report from the Government Accountability Office (GAO) on wireless medical device security. The GAO report, “Medical Devices: FDA Should Expand Its Consideration of Information Security for Certain Types of Devices,” released last month, found that both the FDA and medical device manufacturers have responded slowly to this emerging threat. “FDA has not considered information security risks resulting from intentional threats,” the GAO concluded in its report. More specifically, the agency failed to consider “intentional threats” in the pre-market approval and evaluation of two devices that were successfully hacked—an implantable cardiac defibrillator and an insulin pump. The GAO report also noted that the FDA has not utilized available resources from other government agencies such as the National Institute of Standards and Technology, which maintains a federal computer security vulnerability database and provides guidance and standards related to computer security. Because technology and reactions to it tend to change very quickly, the GAO may not have reported on the most recent actions of the FDA. “We now routinely ask what the manufacturer has done for confidentiality, security, and so on for cleared devices,” Fitzgerald said. “For PMAs [premarket approvals], we ask for that plus a lot more information and technical specifications.” He also said the FDA is developing better procedures for determining appropriate device security, and bringing in employees with the skills and expertise necessary for this new shift in device examination. Fitzgerald also admitted the FDA’s market surveillance needs to improve: “Currently we have a passive reporting system—the MAUDE [Manufacturer and User Facility Device Experience Database] system relies on certain criteria and triggers to be met, and these clinical outcomes are triggered by keywords. We end up being blind to the field. We have a chunk of the CDRH that actively monitors this passive system, but cyberthreats do not routinely show up—just a handful.”
Enter your account email.
A verification code was sent to your email, Enter the 6-digit code sent to your mail.
Didn't get the code? Check your spam folder or resend code
Set a new password for signing in and accessing your data.
Your Password has been Updated !
