Blog / Jan 16, 2017 10:00:00 AM

Securing the Secondary Market for Medical Devices from Cyber Attacks

Written by Josh Dixon

Cyber Security

The Food and Drug Administration (FDA) recently released industry guidance for the postmarket management of cybersecurity in medical devices. We are pleased to see the FDA address medical device cybersecurity given the increasing frequency and severity of cyberattacks against healthcare organizations. A recent report shows cyberattacks against healthcare organizations increased 63% in 2016, a trend expected to continue in 2017. Medical device cybersecurity is an urgent issue we must address to help protect healthcare organizations from dangers such as ransomware and data breaches. However, while the recently released FDA guidance provides good recommendations for the primary medical device market, it overlooks a large, growing segment of medical devices: the secondary market.

The secondary medical device market is the market created by the resale and purchase of used and refurbished medical devices. Hospitals and clinicians facing limited funds and budget constraints can purchase used medical devices for a fraction of the cost of new medical devices. This market is already over $6 billion according to recent reports, and is projected to grow further to nearly $12 billion by 2021. The product warranties and manufacturer remediation available to the primary medical device market do not adequately address the concerns of the secondary medical device market. Hospitals and clinicians engaged in cybersecurity risk management and remediation for refurbished medical devices require a more proactive approach to cybersecurity in order to effectively navigate the challenges they face.

Guidance for medical device cybersecurity must address the concerns of both the primary and secondary medical device markets. We urge the FDA to consider the vulnerabilities of medical devices in the growing secondary medical device market and provide guidance to help hospitals and clinicians effectively manage and remediate potential cybersecurity risks. Recommendations for this guidance might include the implementation of cybersecurity solutions capable of addressing software flaws or vulnerabilities present in medical devices for which manufacturers no longer provide support. Other recommendations might include network solutions capable of protecting unsecured medical devices from external cyberattacks. We believe it is important to provide the healthcare industry with continued support and recommendations to help protect healthcare organizations from the ever-increasing threat of cyberattacks they face today.




Josh Dixon is Ellumen's healthcare and cybersecurity analyst, offering our clients and partners timely insights for the business and policy events shaping the technology landscape. When he is not busy developing content or delving into documentation, you can likely find him playing pinball somewhere near Pittsburgh. Share your comments with Josh on Twitter or read more about Josh's career on LinkedIn.
