Medical Device Manufacturers And Healthcare Delivery Organizations

1800 WordsMay 5, 20178 Pages
Abstract Medical device security is a growing concern for medical device manufacturers, healthcare delivery organizations and regulators in the industry. Increasingly, researchers are demonstrating exactly how vulnerable these devices are. In many cases, networked medical devices are regarded as a potential weak link within a healthcare IT network that could provide a means to expose the entire network to a malware attack. At present there is no formal method for implementing security risk management practices in the medical device industry. However, with new regulatory guidance being developed by the Food and Drug Administration (FDA), medical devices manufacturers will need to prove that their devices are secure. This paper presents a…show more content…
These medical devices have functionality to communicate via healthcare IT networks in a variety of different ways i.e. wirelessly, across the internet, and from device to device. With this increase in adoption and availability of interconnected medical devices, patients can now receive around-the-clock care, outside the healthcare environment, and even in the comfort of their own home. Consequently, resource demands to administer this patient care is significantly reduced. Healthcare delivery organisations utilize a wide range of networked medical devices from hard-wired monitoring devices such as diagnostic equipment (CT scanners) to implanted medical devices such as defibrillators. The benefits of networking these devices are significant but in using such technology, a new set of risks arise which can impact the safety of a patient. These are security risks, threats and vulnerabilities. Until now medical device manufacturers have only been required to demonstrate that their device is safe and effective. With the upcoming FDA cybersecurity regulatory guidance, manufacturers will now have to demonstrate that a medical device is also secure prior to placing it on the market [1]. In order to satisfy this requirement, it is recommended that manufacturers supply documentation detailing (1) the security risks identified during the design stage, (2) the security controls and justification of these controls to
Open Document