Tuesday, March 26, 2019

FDA issues cybersecurity warning on Medtronnic ICDs

Image courtesy Medtronic Public

Warning highlights need for greater attention to medical device security

PARCA eNews – Mar. 21, 2019 – The FDA issued an alert Mar. 21, 2019 regarding cybersecurity vulnerabilities of a list of Medtronic implantable cardiac devices. Both implantable cardioverter defibrillators (ICDs and cardiac resynchronization therapy defibrillators (CRT-Ds) were identified in the alert.

While the FDA is not aware of any reports regarding any harm to patients due to these cybersecurity issues, the report highlights the potential for interception of patient data transferred by radio frequency channels from such devices.

In the wake of the alert, experts are calling for greater focus on safeguarding medical technology against cyberattacks.The Healthcare & Public Sector Coordinating Council is calling for health providers and customers of medical devices to be able to access cybersecurity bill of materials. According to Mass Device, an online industry cybersecurity trade-zine, such access would list all commercial, open-source and custom-code software.

The FDA has created two categories for cyber-risks, one is for implantable devices connected to other medical or non-medical products, a network or the Internet, the other covers all other connected devices, such as MRI machines or portable cardio rhythm monitors, according to Becker’s Health IT & CIO Report.

"As medical devices become increasingly connected to networks, security risks move beyond the device to intrusions across the digital network ecosystem," a GE spokesperson told Bloomberg Law. "Therefore, we believe that cybersecurity in the healthcare setting is a shared responsibility among all stakeholders, including medical device manufacturers, system integrators, product owners/users and patients."

Sources: FDA Cybersecurity Mar. 21, 2019 alert, Mass Device, Becker’s Health IT & CIO Report , and Bloomberg Law

No comments:

Post a Comment