Thousands of patients suffered harm from cyberattacks that hit their medical devices, a new survey of device manufacturers and provider organizations found.
Two of 40 medical device executives surveyed said an unreported event associated with a medical device cybersecurity vulnerability harmed 100 to 1,000 patients.
The survey also found 20% of the respondents did not implement new policies based on the Food and Drug Administration’s cybersecurity guidance, which includes regulations for meeting mandatory quality system regulations.
The survey, conducted by researchers at the University of California, San Diego, will publish in an academic journal.
Medical device cybersecurity grows as a concern among both industry groups and lawmakers, according to reports.
The Advanced Medical Technology Association, a medical device trade group, says the shelf life of underlying technology is short, 3 to 4 years, making it difficult to support updates or patches beyond that time frame.
A Department of Health and Human Services Cybersecurity Task Force issued a report last year specifically calling out legacy medical devices as a weak spot.
Software was the most significant driver of device recalls which reached record highs over the first three months of 2018.
In light of this news, it is important that security and privacy insurance addresses bodily injury, says Christian Chivaroli, President and CEO of Chivaroli & Associates.
Chivaroli and Associates Insurance Services is a full-service brokerage firm specializing in the custom-design and placement of insurance and alternative risk funding solutions for your healthcare organization.