On October 16, the FDA’s Center for Devices and Radiological Health and Homeland Security’s Office of Cybersecurity and Communications announced a partnership to address cybersecurity issues related to the utilization of medical devices. As healthcare professionals continue to rely on computer-based systems to monitor and treat patients effectively, cybersecurity threatens providers and hospital systems. Confusion regarding the role of the FDA in medical device security, and questioning the accountability of manufacturers in terms of security issues, are two of the key factors concerning health IT professionals. The possibility of potential threats continues to grow alongside the need for data management for network security. The FDA and HHS memorandum of agreement renews the agencies commitment to coordinate, identify, and address cybersecurity risks that pertain to patient safety by agreeing to communicate and share information about data being stored on medical devices.
In August of 2018, a cybersecurity company (McAfee) announced that it was able to modify patients’ heart rate data that was shown on a central monitoring screen. McAfee’s study showed that for there to be any impact on a patient, the modification would have to be believable to tending providers and occur in real time. McAfee determined that by utilizing the same network as the devices, it was possible to modify vital signs in real time. Since that study, numerous IT professionals have expressed concern about the safety of devices in terms of cybersecurity. A recent study from KLS Research and the College of Healthcare Information Management Executives showed that hospital IT executives were not unified in their confidence of medical device security. 31% of those surveyed said that they were “unconfident” “very unconfident” in medical devices ability to protect patient safety and prevent disruptions in patient care. By unifying efforts to address cybersecurity, higher confidence in devices as well as the ability to more effectively monitor and resolve potential breaches can be achieved.
The new memorandum between the FDA and Department of Homeland Security creates a broad effort to protect the safety of patients. By increasing communication between the two departments, the government and stakeholders can increase their awareness of threats and improve responses to them.
We advise and represent hospitals, medical practices, physicians and other healthcare providers. If you have questions about this post, contact us at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, firstname.lastname@example.org.
Disclaimer: Thoughts shared here do not constitute legal advice. Please consult with an attorney to discuss your legal issue.
Source: FDA Memorandum of Understanding