GlobalData07.16.18
The advent of technology has allowed integration among healthcare services, medical devices, caregivers and patients. This connectivity not only enhances the portability of patient data and enables new avenues of patient-centric care, but also poses inherent risks such as data theft and malicious device tampering, according to data and analytics company GlobalData.
On April 17, Abbott Laboratories recalled certain implantable cardioverter defibrillators (ICDs) and cardiac resynchronization therapy defibrillators (CRT-Ds) to issue a corrective firmware patch to reduce the risk of patient harm due to premature battery depletion and potential exploitation of cybersecurity vulnerabilities.
Medical device vulnerabilities extend well beyond wireless devices. Recently, an Israeli research group from Ben-Gurion University of the Negev identified computed tomography (CT) scanners as a primary point of vulnerability in hospitals and demonstrated that the devices’ operations could be maliciously altered. The authors of the report revealed that CT devices’ exploitation could lead to radiation overdose or data manipulation.
These operating system exploits can be particularly disruptive, as was seen in last year’s WannaCry ransomware cyberattack. This attack spread globally and had a profoundly negative impact on National Health Service (NHS) hospitals in the United Kingdom, some of which were forced to divert patients. Following WannaCry, NHS Digital assessed 200 trusts and found that all of them were still vulnerable to further attacks, indicating an urgent need for regulatory bodies to fully address the issue of cybersecurity.
David Brown, Ph.D., medical device analyst at GlobalData, said, “These glitches have been around for a long time and they should have been dealt with a lot sooner as patient data and device control/protection should be one of the highest priorities for Internet connected facilities. As medical devices continue to become more complex, integrated and connected, it is vital that they are secured from cyberattacks across their entire life cycle to ensure that they remain safe for use.”
Against this backdrop, the U.S. Food and Drug Administration (FDA) has announced “The Medical Device Safety Action Plan: Protecting Patients, Promoting Public Health” to refine oversight of medical device safety throughout the total product life cycle (TPLC).
As part of the plan, the FDA intends to establish a robust medical device patient safety net in the United States, explore regulatory options to streamline and modernize timely implementation of post-market mitigations, spur innovation towards safer medical devices, advance medical device cybersecurity, and integrate the Center for Devices and Radiological Health’s pre-market and post-market offices and activities to advance the use of a TPLC approach to device safety.
In each of these areas, this plan outlines tailored actions, some of which can be accomplished under the FDA’s existing authorities and some of which would require consideration of new authorities or funding.
About 4,000 of the world’s largest companies, including over 70 percent of FTSE 100 and 60 percent of Fortune 100 companies, make more timely and better business decisions thanks to GlobalData’s unique data, expert analysis and innovative solutions, all in one platform. GlobalData’s mission is to help clients decode the future to be more successful and innovative across a range of industries, including the healthcare, consumer, retail, financial, technology and professional services sectors.
On April 17, Abbott Laboratories recalled certain implantable cardioverter defibrillators (ICDs) and cardiac resynchronization therapy defibrillators (CRT-Ds) to issue a corrective firmware patch to reduce the risk of patient harm due to premature battery depletion and potential exploitation of cybersecurity vulnerabilities.
Medical device vulnerabilities extend well beyond wireless devices. Recently, an Israeli research group from Ben-Gurion University of the Negev identified computed tomography (CT) scanners as a primary point of vulnerability in hospitals and demonstrated that the devices’ operations could be maliciously altered. The authors of the report revealed that CT devices’ exploitation could lead to radiation overdose or data manipulation.
These operating system exploits can be particularly disruptive, as was seen in last year’s WannaCry ransomware cyberattack. This attack spread globally and had a profoundly negative impact on National Health Service (NHS) hospitals in the United Kingdom, some of which were forced to divert patients. Following WannaCry, NHS Digital assessed 200 trusts and found that all of them were still vulnerable to further attacks, indicating an urgent need for regulatory bodies to fully address the issue of cybersecurity.
David Brown, Ph.D., medical device analyst at GlobalData, said, “These glitches have been around for a long time and they should have been dealt with a lot sooner as patient data and device control/protection should be one of the highest priorities for Internet connected facilities. As medical devices continue to become more complex, integrated and connected, it is vital that they are secured from cyberattacks across their entire life cycle to ensure that they remain safe for use.”
Against this backdrop, the U.S. Food and Drug Administration (FDA) has announced “The Medical Device Safety Action Plan: Protecting Patients, Promoting Public Health” to refine oversight of medical device safety throughout the total product life cycle (TPLC).
As part of the plan, the FDA intends to establish a robust medical device patient safety net in the United States, explore regulatory options to streamline and modernize timely implementation of post-market mitigations, spur innovation towards safer medical devices, advance medical device cybersecurity, and integrate the Center for Devices and Radiological Health’s pre-market and post-market offices and activities to advance the use of a TPLC approach to device safety.
In each of these areas, this plan outlines tailored actions, some of which can be accomplished under the FDA’s existing authorities and some of which would require consideration of new authorities or funding.
About 4,000 of the world’s largest companies, including over 70 percent of FTSE 100 and 60 percent of Fortune 100 companies, make more timely and better business decisions thanks to GlobalData’s unique data, expert analysis and innovative solutions, all in one platform. GlobalData’s mission is to help clients decode the future to be more successful and innovative across a range of industries, including the healthcare, consumer, retail, financial, technology and professional services sectors.