When you’re a medical device manufacturer, your primary goal is to get your product into hospitals and care provider networks. The internet of things (IoT) means that every medical device is built for connectivity, including those that once were standalone. Infusion pumps, monitors and MRI scanners all contain critical, sensitive patient data. Everyone agrees that the IoT is a miracle of quality care convenience for doctors and patients alike. On the flip side, it’s a potentially exploitable entry point for cyberattackers. Each connected device provides another avenue for a hacker to exploit.
To put it in perspective, there are 10 to 15 million medical devices in U.S. hospitals today. Ever since the first successful wireless pacemaker implant in 2009, internet-connected medical device development has taken off. Not yet a decade later, up to 15 connected medical devices per hospital bed is the U.S. norm. Healthcare providers embrace the higher level of care and the operational efficiency that medical devices bring. They also demand ever more specialized medical devices. Enter risk.
That’s one reason that the onus is on medical device manufacturers to build with a ‘security-first’ focus: to design with information security in mind, not just for the device ‘out of the box’ but also for when it’s part of a healthcare IT network and being used at the bedside. Patches, security scans and security updates all need to be considered. Many device manufacturers are also embracing cloud technology – meaning that a lot of the data processing is happening remotely – which adds another layer of risk.
As a medical device manufacturer, you’re following the FDA’s final guidance, which means the pre-market, post-market and maintenance recommendations that can mitigate patient risk. With IoT device use so prevalent – nearly all healthcare IT networks have IoT medical devices connected to them – that guidance needs to be integrated into your organization’s culture of cybersecurity compliance.
If you’re still questioning why the onus should fall so heavily on the medical device manufacturer vs. the healthcare provider, consider this: Surveys show 70% of healthcare IT network management believes that the same cybersecurity standards that work for laptops will work for medical devices. Yikes. Additionally, CISOs and senior IT leaders in healthcare organizations worry about the spread of malware and about data breaches when it comes to medical device security. Proving that you can be reliably trusted to handle sensitive Protected Health Information (PHI) will make your medical device more attractive to decision makers.
If you’re ready to start working on improving your cybersecurity management, you may need a platform like MyVCM. You can track your assets, conduct security awareness training and schedule patches and audits – all while supporting and involving your healthcare client. In turn, they’re better able to assure the safety and health of the patients who depend on your medical device. Everyone wins. Contact us today to get started!