• Login
    • Join
  • FOLLOW:
  • Subscribe Free
    • Magazine
    • eNewsletter
    Checkout
    • Magazine
    • News
    • Opinions
    • Top 30
    • Research
    • Supply Chain
    • Device Sectors
    • Directory
    • Events
    • Resources
    • Microsites
    • More
  • Magazine
  • News
  • Opinions
  • Top 30
  • Research
  • Supply Chain
  • Device Sectors
  • Directory
  • Events
  • Resources
  • Microsites
  • Current / Back Issues
    Features
    Editorial
    Digital Edition
    eNewsletter Archive
    Our Team
    Editorial Guidelines
    Reprints
    Subscribe Now
    Advertise Now
    Top Features
    6 Ways ERP Systems Help Medical Device Manufacturers Manage Risk and Profitability

    Machining & Laser Processing Have Huge Parts to Play in Medtech Manufacturing

    Medtech R&D Teams Must Be Creative & Resilient to Survive

    Struggling Suppliers in Electronics Manufacturing Services (EMS)

    Deep (Brain) Thoughts with Medtronic's Neuromodulation President
    OEM News
    Supplier News
    Service / Press Releases
    Online Exclusives
    Press Releases
    People in the News
    Product & Service Releases
    Supplier News
    Medtech Makers
    Technical Features
    International News
    Videos
    Product & Service Releases
    Live From Shows
    Regulatory
    Financial/Business
    Top News
    MO SCI Acquires Assets of 3M’s Advanced Materials Business

    Neurent Medical’s NEUROMARK System Becomes Commercially Available in U.S. Markets

    Aspivix's Carevix Cervical Stabilizer Gains FDA OK

    Apyx Medical Submits 510(k) App for Renuvion APR Handpiece

    LivaNova Releases SenTiva DUO VNS for Drug-Resistant Epilepsy
    From the Editor
    Blogs
    Guest Opinions
    Top Opinions
    6 Ways ERP Systems Help Medical Device Manufacturers Manage Risk and Profitability

    Machining & Laser Processing Have Huge Parts to Play in Medtech Manufacturing

    Medtech R&D Teams Must Be Creative & Resilient to Survive

    Struggling Suppliers in Electronics Manufacturing Services (EMS)

    Deep (Brain) Thoughts with Medtronic's Neuromodulation President
    Top 30 Medical Device Companies
    Market Data
    White Papers
    Top Research
    Deducing the Dual Reality of Elizabeth Holmes

    The Return of the AdvaMed MedTech Conference…Live!

    Material Matters: New Materials Call for New Thinking

    5 Ways to Maintain a Talent-Centric Mindset, Even During Economic Uncertainty

    The Changing Face of UK Medical Device Regulations: Most Recent Update
    3D/Additive Manufacturing
    Contract Manufacturing
    Electronics
    Machining & Laser Processing
    Materials
    Molding
    Packaging & Sterilization
    R&D & Design
    Software & IT
    Testing
    Tubing & Extrusion
    Cardiovascular
    Diagnostics
    Digital Health
    Neurological
    Patient Monitoring
    Surgical
    Orthopedics
    All Companies
    Categories
    Company Capabilities
    Add New Company
    Outsourcing Directory
    Paragon Medical

    Arthur G. Russell Co. Inc., The

    Medbio LLC

    Halkey-Roberts Corporation

    LEMO USA Inc.
    MPO Summit
    Industry Events
    Webinars
    Live From Show Event
    Industry Associations
    Videos
    Career Central
    eBook
    Slideshows
    Top Resources
    Onshoring Medical Device Manufacturing Can Strengthen Supply Chains

    How Artificial Intelligence Can Combat Key Issues Impacting Healthcare

    Why Advanced Sensors Are Crucial Within Medical Pumps

    How Artificial Intelligence Could Help Prevent 80% of Chronic Diseases

    4 Ways to Use Injection Molding in Medical Device Manufacturing
    Companies
    News Releases
    Product Releases
    Press Releases
    Product Spec Sheets
    Service Releases
    Case Studies
    White Papers
    Brochures
    Videos
    Outsourcing Directory
    Paragon Medical

    Arthur G. Russell Co. Inc., The

    Medbio LLC

    Halkey-Roberts Corporation

    LEMO USA Inc.
    • Magazine
      • Current/Back Issues
      • Features
      • Editorial
      • Columns
      • Digital Editions
      • Subscribe Now
      • Advertise Now
    • News
    • Directory
      • All Companies
      • ALL CATEGORIES
      • Industry Associations
      • Company Capabilities
      • Add Your Company
    • Supply Chain
      • 3D/Additive Manufacturing
      • Contract Manufacturing
      • Electronics
      • Machining & Laser Processing
      • Materials
      • Molding
      • Packaging & Sterilization
      • R&D & Design
      • Software & IT
      • Testing
      • Tubing & Extrusion
    • Device Sectors
      • Cardiovascular
      • Diagnostics
      • Digital Health
      • Neurological
      • Patient Monitoring
      • Surgical
      • Orthopedics
    • Top 30 Company Report
    • Expert Insights
    • Slideshows
    • Videos
    • eBook
    • Resources
    • Podcasts
    • Infographics
    • Whitepapers
    • Research
      • White Papers
      • Case Studies
      • Product Spec Sheets
      • Market Data
    • MPO Summit
    • Events
      • Industry Events
      • Live From Show Events
      • Webinars
    • Microsite
      • Companies
      • Product Releases
      • Product Spec Sheets
      • Services
      • White Papers / Tech Papers
      • Press Releases
      • Videos
      • Literature / Brochures
      • Case Studies
    • About Us
      • About Us
      • Contact Us
      • Advertise with Us
      • eNewsletter Archive
      • Privacy Policy
      • Terms of Use
    Columns

    Meeting the Cybersecurity Challenges of Healthcare: Effective OEM Strategies

    The risk and complexity of cyber threats to the global healthcare ecosystem is undeniable—and growing.

    Meeting the Cybersecurity Challenges of Healthcare: Effective OEM Strategies
    OEMs need to demonstrate how their solutions can address or alleviate security concerns before cyber-attacks or data breaches arise. Image courtesy of MedAcuity.
    Jarman Joerres, Co-Founder and Principal, MedAcuity10.01.21
    The risk and complexity of cyber threats to the global healthcare ecosystem is undeniable—and growing. The responsibility to prevent exploitation of cloud-based systems, mobile and wearable devices, Internet of Medical Things (IoMT) products, and legacy devices, as well as those facing obsolescence, fall primarily on the OEM. Today, healthcare facilities are putting much more scrutiny on medical device OEMs to demonstrate a good understanding of their organization’s security requirements and how their solutions can address or alleviate security concerns long before cyber-attacks or data breaches arise. According to the FDA, it is the responsibility of the medical device manufacturers (MDMs) to be vigilant in “identifying risks and hazards associated with their medical devices, including risks related to cybersecurity.”1 Although the medtech industry has a general awareness of the threats, and implications thereof, there is still more that can be done to mitigate the risks.

    Challenges Facing OEMs Today
    An Increasingly Complex Healthcare Landscape
    Today’s healthcare ecosystem is more complex and distributed than ever before with no signs of abating. Security vulnerabilities and points of entry continue to increase with the proliferation of digital healthcare, wearable and connected devices, patient portals, widespread adoption of BYOD (bring your own device) among caregivers, and more fully integrated technologies of accountable care organizations (ACOs), health information exchanges (HIEs), and payers.

    Recently, cybercriminals have been exploiting the strain COVID has placed on the overburdened healthcare system. According to findings from Check Point Software, healthcare organizations have seen a 45 percent increase in cyberattacks between November 2020 and January 2021—more than double that of other industry sectors. While ransomware has been the main form of attack, botnets, remote code execution, and DDoS have also been used.2

    Cybersecurity Understanding and Accountability
    Organizations grapple with the impact cybersecurity poses. It is no longer a specter. Cybersecurity is real, and front and center, but OEMs face daunting questions about how to adapt their organizations and get ready to address the threat.
    • Where do you start?
    • Which business functions are most impacted?
    • Do we have the appropriate personnel to pull this off?

    Additionally, for those organizations who believe they have a handle on it, many still view cybersecurity as something that can be bolted on late in the product development process. But for MDMs to truly succeed, cybersecurity needs to become a lever for holistic organizational change. The importance of good cyber hygiene practices that both complement and reinforce safety risk management within their product development lifecycle must be a priority.

    Legacy Devices
    While it is true newer devices tend to use wireless communications more often, legacy medical devices can be even more vulnerable to cyber threats based on their longevity and technical obsolescence risk. Many legacy devices currently in use in healthcare environments were developed and manufactured well before cybersecurity was a significant concern and are now highly vulnerable. As software systems inevitably become outdated, the risk of being hacked or compromised increases exponentially, putting a patient’s personal data and physical safety at heightened risk. This risk also impacts healthcare providers and medical device OEMs in the form of significant reputational damage and financial consequences as a result.

    Yet the costs and efforts to update legacy devices to make them cyber-compliant are often prohibitive for OEMs. Some of the struggles they face relate to:
    • Swapping out hardware during a refurbish as it goes end-of-life
    • The typical two-year lifespan of software (including Windows) requires timely security patches
    • The five-year sales cycle of some medical devices leaves them quickly unsupportable

    Hospitals and device makers have been at odds as to whom the burden lies with to make legacy devices more secure. The American Hospital Association has asserted that some basic measures, such as upgrading a device from Windows 7 to Windows 10, should be anticipated by device manufacturers and be a part of expected and affordable maintenance.3

    OEM Strategies
    Taking A Holistic Approach
    For a holistic cybersecurity strategy to become truly embedded in an organization, it is critical the overarching approach to developing the program embraces three pillars to maximize effectiveness. This year, the FDA debuted draft guidance entitled “Remanufacturing of Medical Devices” to help clarify at what point changes to a medical device become “remanufacturing” as opposed to “servicing.”4 This draft guidance includes recommendations to help ensure the continued quality, safety, and effectiveness of devices intended to be serviced over their useful life.5 The following strategies build upon the core tenets and guidance provided by the FDA.

    Building out a holistic cyber strategy with FDA-aligned cyber procedures and artifacts is necessary to address the increased FDA scrutiny while getting products out to market. MDM organizations that build out a strong team and process are best suited to select technologies that maximize ROI by making cyber management more efficient in both pre- and post-market scenarios.

    Top Down
    It is essential for MDMs to stay abreast of rapidly evolving cyber threats and best practices for assessing and mitigating vulnerabilities. From an organizational perspective, the best place to start with a cybersecurity strategy is at the top—with C-level executives. It can no longer just be a pain point for product development teams. Further, cybersecurity is not something that can simply be bolted onto a medical device as an afterthought. Turning a blind eye or trying to cut corners will only extend the cost and duration of the development lifecycle. In the worst case, a product with vulnerabilities reaches the market and compromises patient safety or the environment in which it operates.

    Right People
    Teams should be built with the right people from the appropriate functional areas of the business who will drive the mission to foster a cybersecurity mindset. For example, the implementers—software engineers—(whether internal or external) must have the qualifications, capabilities, and directive to prioritize security, with a continuously evolving knowledge of the risks and mitigations, and a vigilance for closing gaps.

    Right Process
    Successful organizations build upon an “organizational readiness mindset” as a base for instituting effective and pragmatic strategies across the three pillars. Organizations that make a large investment in cybersecurity monitoring and analysis platforms without the necessary people or process disciplines typically find themselves facing a sizable sunk cost. Conversely, organizations that evolve their cybersecurity discipline across the pillars will earn ongoing dividends on the investment.

    Right Technology
    A solid strategy is to institute programs across people and processes first, then apply the appropriate technologies as program needs are better understood. Starting with the right people who understand cybersecurity and then evolving the team through training and experience is the fastest and most effective track for developing a strong discipline. However, a strong cybersecurity team can only go so far without the necessary process support that demonstrates an effective and repeatable mechanism for managing cyber risks.

    Specific Legacy Device Strategies
    Anticipating the challenges of legacy devices and rolling in strategies early on to mitigate the risks can help prevent significant issues in the long run. Such strategies may include:
    • Planned obsolescence—Deliver a product to market with a five-year end-of-life plan and with a five-year post-end-of-life support period.
    • Select software, such as Windows 10 IoT Enterprise, that has a 10-year lifespan and security support/patch window.
    • Refresh product lines more frequently and offer customers upgrade incentives to purge legacy products from the field.
    • Lower the cost of ownership or cost of support by managing a device fleet remotely.
    • Respond to new vulnerabilities and threats more rapidly with over-the-air updates.

    Making the Business Case for Cybersecurity
    Investing in cybersecurity early and doing it with a holistic mindset can equate to less money and effort spent on late-stage fixes or damage control when a data breach or cyber-attack happens. Overall, this contributes to maximum gross profits by minimizing the likelihood of costly adverse events, and the associated reputational and intellectual property exposure adverse events can create. There are also greater efficiencies gained through optimal FDA compliance. This minimizes the barriers of selling to the end-client healthcare facility, whose IT department rigorously vets a checklist of the cyber considerations of its chosen MDM.

    Bottom Line
    In 2020, IBM reported a data breach costs a healthcare organization an average of $7.13 million—a 10 percent increase from the 2019 average.6 Therefore, it’s no surprise they are increasing the scrutiny on the OEMs they opt to do business with. For medical device companies to continue adding value to the healthcare ecosystem through transformative solutions without introducing unmitigated risk, cybersecurity can no longer be an afterthought or a bolt-on. Instead, it must be a key consideration valued from the top of an organization down. Best practices need to be baked into every aspect of the product development lifecycle and investments made in the right people, process, and technology along with legacy device strategies to effectively combat cyber risks. 

    References
    1. bit.ly/mpo211021
    2. bit.ly/mpo211022
    3. bit.ly/mpo211023
    4. bit.ly/mpo211024
    5. bit.ly/mpo211025
    6. bit.ly/mpo211026


    Jarman Joerres is a senior software architect and cybersecurity specialist. He works exclusively with medtech companies to solve the business and technical challenges inherent in developing complex software-driven medical devices and solutions. 
    Related Searches
    • Software & IT
    Related Knowledge Center
    • Software & IT
      Loading, Please Wait..

      Trending
      • Study: Smartphone Therapeutic Helps Improve Fibromyalgia In Patients
      • CGM Devices Could Become Main Glucose Monitoring Solution In U.S.
      • Environmental Sustainability Becoming Increasingly Important To Medtech Industry
      • The Future Of Biomedical Engineering Advancements
      • A New Approach To Post-Market Surveillance
      Breaking News
      • MO SCI Acquires Assets of 3M’s Advanced Materials Business
      • Neurent Medical’s NEUROMARK System Becomes Commercially Available in U.S. Markets
      • Aspivix's Carevix Cervical Stabilizer Gains FDA OK
      • Apyx Medical Submits 510(k) App for Renuvion APR Handpiece
      • LivaNova Releases SenTiva DUO VNS for Drug-Resistant Epilepsy
      View Breaking News >
      CURRENT ISSUE

      January/February 2023

      • Struggling Suppliers in Electronics Manufacturing Services (EMS)
      • Machining & Laser Processing Have Huge Parts to Play
      • Medtech R&D Teams Must Be Creative & Resilient to Survive
      • Medtronic Neuromodulation President, Nnamdi Njoku, Interview
      • 6 Ways ERP Systems Help Medical Device Manufacturers Manage Risk and Profitability
      • View More >

      Cookies help us to provide you with an excellent service. By using our website, you declare yourself in agreement with our use of cookies.
      You can obtain detailed information about the use of cookies on our website by clicking on "More information”.

      • About Us
      • Privacy Policy
      • Terms And Conditions
      • Contact Us

      follow us

      Subscribe
      Nutraceuticals World

      Latest Breaking News From Nutraceuticals World

      GOED Elects New Board Officers for 2023
      Aspire Hires Darrec Jones as VP of Business Development
      Pycnogenol Supplementation Linked to Better Hair Density in Menopausal Women
      Coatings World

      Latest Breaking News From Coatings World

      PPG Completes COLORFUL COMMUNITIES Project in Denmark
      10 Partners of the Automotive Industry Form JV, Cofinity-X
      BASF Recognized as Top Company for Supplier Diversity
      Medical Product Outsourcing

      Latest Breaking News From Medical Product Outsourcing

      MO SCI Acquires Assets of 3M’s Advanced Materials Business
      Neurent Medical’s NEUROMARK System Becomes Commercially Available in U.S. Markets
      Aspivix's Carevix Cervical Stabilizer Gains FDA OK
      Contract Pharma

      Latest Breaking News From Contract Pharma

      Lilly 4Q Revenues Down 9% to $7.3B
      Bionova Expansion Project to Quadruple GMP Biologics Manufacturing Capacity
      Steriline Provides Fill-Finish Solution for Berkshire Sterile Manufacturing
      Beauty Packaging

      Latest Breaking News From Beauty Packaging

      Pacifica Introduces Glow Baby Skincare Line
      Kohl’s Names Tom Kingsbury as Chief Executive Officer
      Mielle Unveils Haircare Bundles Inspired by Amazon Original Series Harlem
      Happi

      Latest Breaking News From Happi

      Grant Industries Names Mehran Ghadim Sales Manager, Canada
      Bio-Oil Celebrates Body Confidence Through Body Positivity Month Campaign
      Net Sales for Clorox Increase 1% for Q2 2023
      Ink World

      Latest Breaking News From Ink World

      Roland DGA Announces Key Changes to Leadership Team
      Ball Reports 2022 Results
      3D Printing Materials Market Worth $7.9 Billion by 2027: MarketsandMarkets
      Label & Narrow Web

      Latest Breaking News From Label & Narrow Web

      MM Packaging adds first Nilpeter press for Dublin site
      Polytag develops new UV tag reading technology
      Enterprise Print Group adds Screen Truepress Jet L350UV SAI E
      Nonwovens Industry

      Latest Breaking News From Nonwovens Industry

      What You’re Reading on Nonwovens-Industry.com
      Kimberly-Clark Supports Period Poverty Initiative in Australia
      Suominen Reports Q4, Full Year Results
      Orthopedic Design & Technology

      Latest Breaking News From Orthopedic Design & Technology

      Toetal Solutions Secures $1.8 Million in New Financing
      Adrian Tyndall Joins Axogen's Board of Directors
      ADSM-Synchro Medical Acquired by Tyber Medical
      Printed Electronics Now

      Latest Breaking News From Printed Electronics Now

      Zebra Provides East West Shrine Bowl with RFID Tracking Technology
      AAAS Elects Three ORNL Scientists as Fellows
      Flex Recognized as One of Fortune World’s Most Admired Companies 2023

      Copyright © 2023 Rodman Media. All rights reserved. Use of this constitutes acceptance of our privacy policy The material on this site may not be reproduced, distributed, transmitted, or otherwise used, except with the prior written permission of Rodman Media.

      AD BLOCKER DETECTED

      Our website is made possible by displaying online advertisements to our visitors.
      Please consider supporting us by disabling your ad blocker.


      FREE SUBSCRIPTION Already a subscriber? Login