Healthcare leaders are concerned about medical device security, and for good reason. Security vulnerabilities in medical devices present real risks to patient safety, data privacy, and network stability. Healthcare organizations often have limited resources dedicated to addressing these security issues, yet the healthcare industry remains the largest target of cyberattacks compared to other industries. What are the key factors making medical device security such a critical issue, and how can we account for these factors in potential solutions?
By now you probably know about the massive ransomware attack known as WannaCry. But what you may not know is WannaCry is just the latest in a series of increasingly harmful and costly attacks. In 2016 organizations lost an estimated $1 billion from ransomware attacks, and experts expect those attacks will continue to increase throughout 2017. Many healthcare organizations are particularly vulnerable to ransomware. So, what can you do to protect your organization from this concerning trend?
The Food and Drug Administration (FDA) recently released industry guidance for the postmarket management of cybersecurity in medical devices. We are pleased to see the FDA address medical device cybersecurity given the increasing frequency and severity of cyberattacks against healthcare organizations. A recent report shows cyberattacks against healthcare organizations increased 63% in 2016, a trend expected to continue in 2017. Medical device cybersecurity is an urgent issue we must address to help protect healthcare organizations from dangers such as ransomware and data breaches. However, while the recently released FDA guidance provides good recommendations for the primary medical device market, it overlooks a large, growing segment of medical devices: the secondary market.