A friend of mine recently got a nifty new semi-automated insulin pump that he was really excited about. I half-jokingly asked if he was scared about hackers. His face dropped and he said, “Well…I am now.”
Hacks can sometimes feel like an abstract concept to the average consumer because they TYPICALLY don’t affect consumers as directly and can be resolved with a few angry calls. However, as more devices become software dependent AND life critical (e.g. life-supporting medical devices), the downside of a hack scenario is much greater and affects a person very directly.
As more devices become software enabled, this is going to become a bigger issue. Remember the Abbott pacemaker that had some big cybersecurity holes? 2 years later, the FDA finally approved a firmware update to patch that.
In fact, the FDA seems to be looking more closely at med device security as a whole. It just put out an action plan which heavily prioritizes cybersecurity in medical devices. Some things suggested for med devices include:
Requiring software be patchable
Creating a “Software Bill of Rights” so consumers understand the risks
Disclosing vulnerabilities as they’re identified
Creating a public-private expert board of cybersecurity masters to help assess the risk of new technologies, investigate possible breaches, etc.
Are existing medical device giants ready for a future where they need to ensure cybersecurity standards are met in their devices? They don’t seem to talk about it very much in earnings calls based on a handful we looked at.
While we’re not saying they don’t know how to deal with these issues, juuuuuust in case, you can see a list of companies tackling healthcare cybersecurity in our collection. Below are a few specific to medical devices.
“Re: A business deal I’d like to discuss”
In our latest Cyber Defenders report, we talked about companies involved in Human-Factor Security that are preventing email security vulnerabilities.
Apparently, emails are one of the biggest reasons for breaches in the health industry, according to this report (either sending data to the wrong place or opening up malware).
So…stop doing that. I’ll charge my cybersecurity consulting fee now.
P.S. CB Insights director of healthcare research Marc Albanese will be speaking at the Vision Health Summit in Austin, Texas next week. Marc will discuss telemedicine and remote prescribing. Let us know if you’re interested in connecting.