Explore the most recent editions of MPO Magazine, featuring expert commentary, industry trends, and breakthrough technologies.
Access the full digital version of MPO Magazine anytime, anywhere, with interactive content and enhanced features.
Join our community of medical device professionals. Subscribe to MPO Magazine for the latest news and updates delivered straight to your mailbox.
Explore the transformative impact of additive manufacturing on medical devices, including design flexibility and materials.
Learn about outsourcing options in the medical device sector, focusing on quality, compliance, and operational excellence.
Stay updated on the latest electronic components and technologies driving innovation in medical devices.
Discover precision machining and laser processing solutions that enhance the quality and performance of medical devices.
Explore the latest materials and their applications in medical devices, focusing on performance, biocompatibility, and regulatory compliance.
Learn about advanced molding techniques for producing high-quality, complex medical device components.
Stay informed on best practices for packaging and sterilization methods that ensure product safety and compliance.
Explore the latest trends in research and development, as well as design innovations that drive the medical device industry forward.
Discover the role of software and IT solutions in enhancing the design, functionality, and security of medical devices.
Learn about the essential testing methods and standards that ensure the safety and effectiveness of medical devices.
Stay updated on innovations in tubing and extrusion processes for medical applications, focusing on precision and reliability.
Stay ahead with real-time updates on critical news affecting the medical device industry.
Access unique content and insights not available in the print edition of the MPO Magazine.
Explore feature articles that delve into specific topics within the medical device industry, providing in-depth analysis and insights.
Gain perspective from industry experts through regular columns addressing key challenges and innovations in medical devices.
Read the editor’s thoughts on the current state of the medical device industry.
Discover the leading companies in the medical device sector, showcasing their innovations and contributions to the industry.
Explore detailed profiles of medical device contract manufacturing and service provider companies, highlighting their capabilities and offerings.
Learn about the capabilities of medical device contract manufacturing and service provider companies, showcasing their expertise and resources.
Watch informative videos featuring industry leaders discussing trends, technologies, and insights in medical devices.
Short, engaging videos providing quick insights and updates on key topics within the medical device industry.
Tune in to discussions with industry experts sharing their insights on trends, challenges, and innovations in the medical device sector.
Participate in informative webinars led by industry experts, covering various topics relevant to the medical device sector.
Stay informed on the latest press releases and announcements from leading companies in the medical device manufacturing industry.
Access comprehensive eBooks covering a range of topics on medical device manufacturing, design, and innovation.
Highlighting the innovators and entrepreneurs who are shaping the future of medical technology.
Explore sponsored articles and insights from leading companies in the medical device manufacturing sector.
Read in-depth whitepapers that explore key issues, trends, and research findings for the medical device industry.
Discover major industry events, trade shows, and conferences focused on medical devices and technology.
Get real-time updates and insights live from the CompaMed/Medica conference floor.
Join discussions and networking opportunities at the MPO Medtech Forum, focusing on the latest trends and challenges in the industry.
Attend the MPO Summit for insights and strategies from industry leaders shaping the future of medical devices.
Participate in the ODT Forum, focusing on orthopedic device trends and innovations.
Discover advertising opportunities with MPO to reach a targeted audience of medical device professionals.
Review our editorial guidelines for submissions and contributions to MPO.
Read about our commitment to protecting your privacy and personal information.
Familiarize yourself with the terms and conditions governing the use of MPOmag.com.
What are you searching for?
The “malicious hacker” is no longer just a myth, but a threat to be taken seriously.
October 6, 2015
By: Ranica Arrowsmith
Associate Editor
Let’s talk about medical device cybersecurity. Again. Recently, at the Derbycon 5.0 “Unity” conference held Sept. 23-27, researchers Scott Erven and Mark Collao presented some troubling findings regarding medical device security. They are associate director and security consultant, respectively, for consulting firm Protiviti Inc. they, like others before them, set out to uncover whether medical device hacking is just a myth or unfounded fear, or a real threat. They set up “honeypots”—computers that mimicked medical systems to entice potential hackers. These honeypots reportedly attracted 55 successful logins, 24 exploits, and 299 malware attacks. Erven and Collao’s project demonstrated what others have not before. While previously, non-malicious hackers and device companies themselves have hacked into devices and electronic medical systems to unveil vulnerabilities, this project unveiled true malicious hackers waiting in the sidelines ready and willing to exploit those vulnerabilities. During the AdvaMed 2015 panel on cybersecurity, enticingly titled “The Hidden Life of Medical Devices,” Vice President of Government/Education Relations and Senior PKI Architect for DigiCert Inc. Scott Rea reminded attendees not to forget these threats. “We shouldn’t lose sight of how the health industry has traditionally been slow on the best ways to serve patients because of perceptions of cybersecurity,” Rea, an expert in and an advocate for advancing healthcare IT security, said. “As healthcare begins to embrace these things, we mustn’t lose sight of the fact that there are malicious groups out there ready and waiting to take advantage.” While it may be tempting to dismiss this opinion as fear-mongering—after all, how useful are health records to hackers, really?—studies such as Erven and Collao’s confirm that the medtech industry and the U.S. Food and Drug Administration is right to take cybersecurity concerns very seriously. The reality, Rea told MPO, is that the lure for malicious entities is manifold. With health records, a malicious hacker has enough information to set up false financial accounts for an individual. If a patient is a person of public interest, hackers could also hold records for ransom. Rea also noted that 76 percent of malicious hacks come from “people on the inside”—employees of a tech company, for instance. They could, and do, identify people who have access to secure information that may, for example, have financial difficulties and be vulnerable to a bribe. In addition, device technology vulnerabilities open medical device manufacturers up to host of legal ramifications. Debra Breummer, manager of clinical information security at Mayo Clinic, noted that while the Mayo staff are extremely proactive in working with medical device vendors on their expectations for device security, they are yet to see a device company be truly proactive on their end in this regard. “We’re still waiting for the day when a medical device vendor calls us and admits, ‘we know this about our device, we want you to be aware, and this is what you can do to protect yourself,’” she Breummer said. “There is just not that collaboration and sharing from vendors. I would encourage vendors to create effective channels to deal with vulnerabilities customers communicate to you.” Breummer recalled an incident where she and her team compiled a comprehensive report on a device’s vulnerabilities and submitted it to the medical device company in question for review. “We shared it with vendor in what we thought were appropriate channels,” she said. “Months later while waiting for response, we met with the group in the company that deals with cybersecurity. We found that that group hadn’t even heard about the report we submitted. They had no good communication channels, which was quite embarrassing for them.” “True collaboration is needed to really solve the cybersecurity issue,” panel moderator Melissa Masters of research and development firm Battelle said. “But every hospital, provider and entity are conducting their own testing and operating with their own rules.” But the panelists agreed they don’t see standardization happening anytime soon. While The U.S. Food and Drug Administration (FDA) has released guidances on the issue, they have been, so far, siloed. Mobile apps, software, data systems and so on each have their own guidance document and set of standards. Bakul Patel, associate director for digital health at the FDA, acknowledged this problem on the AdvaMed panel. The agency has recently merged its disparate pages on all topics digital health into one web page under “digital health,” making it easier for device companies to find and understand requirements and expectations regarding device security. It’s a start.
Enter your account email.
A verification code was sent to your email, Enter the 6-digit code sent to your mail.
Didn't get the code? Check your spam folder or resend code
Set a new password for signing in and accessing your data.
Your Password has been Updated !
