As cybercriminals continue to change their tactics to gain access to networks, there is growing concern among some security experts that hacking medical devices will be used as a new entry point.
In 2015, cybersecurity defense firm TrapX released a report finding that hackers targeted and compromised Internet connected medical devices to gain access to hospital networks.
Last year, Johnson & Johnson became the first medical device manufacturer to warn patients about a cyber vulnerability advising patients that old insulin pump models could be exploited.
Also last year, cybersecurity and research company MedSec Holdings discovered potential vulnerabilities in cardiovascular device maker St. Jude Medical’s pacemakers and defibrillators, according to reports.
Instead of disclosing the vulnerabilities, MedSec used the information to profit. They worked with an investment firm to short-sell St. Jude Medical’s stock.
St. Jude Medical disputed the claims and filed a lawsuit alleging MedSec made up the story to manipulate its stock price. However, a federal investigation led by the FDA confirmed the vulnerabilities in early 2017.
In a 2015 report on the Internet of Things, the FTC issued guidance on the best practices for the management of connected medical devices.
With one of the big risks of medical device hacking coming from the devices acting as an entry point to hospital networks, FTC’s guide is a good starting point to help secure both devices and networks.
Chivaroli and Associates Insurance Services is a full-service brokerage firm specializing in the custom-design and placement of insurance and alternative risk funding solutions for your healthcare organization.