Medical devices and transportation vehicles are getting more autonomous by the day. This raises serious concern about their security and the level of defense built into them against cyber attacks. The Food and Drug Administration (FDA) has issued its guidance on protecting medical devices like pacemakers and insulin pumps from cyberattacks, named: “Managing Medical Device Cybersecurity in the Postmarket: At the Crossroads of Cyber-safety and Advancing Technology”. It advises manufacturers to level up cybersecurity measures by incorporating monitoring and vulnerability detection into the products. The paper recommends receiving information about potential vulnerabilities from cybersecurity researchers, in case of identified exploitable flaws, the agency wants the companies to assess the risk it poses to patients, and of course they should issue software patches to fix any emerged vulnerability.
According to the FDA, “this final guidance recognizes today’s reality that cybersecurity threats are real, ever-present and continuously changing.” It applies to all medical devices, already out on the market such as those manufactured by St. Jude Medical. The agency is currently investigating St. Jude’s products after an investment firm and a cybersecurity company claimed that they lack even the most basic form of cybersecurity.
The FDA will continuously update and adjust its guidelines, according to current cyberthreats:
“Digital connections power great innovation — and medical device cybersecurity must keep pace with that innovation. The same innovations and features that improve health care can increase cybersecurity risks. This is why we need all stakeholders in the medical device ecosystem to collaborate to simultaneously address innovation and cybersecurity. We’ve made great strides but we know that cybersecurity threats are capable of evolving at the same pace as innovation, and therefore, more work must be done.”
Of course the FDA isn’t the only one interested. The topic has tons of approaches internet-wide, since people are worried about it’s grave implications.
10 Ways to Mitigate the Risk and Effect of Cyber Attacks on Medical Devices from Extreme Networks