COLUMBUS, Ohio (WCMH) — Cybersecurity concerns are creeping their way into medical devices.
Given technological advancements that have enhanced medical systems and devices — like the ability to connect to the internet, a mobile phone, or hospital networks to share information — security issues are becoming more common, according to former U.S. Food and Drug Administration Associate Commissioner Peter Pitts.
“Sometimes, what sounds like science fiction is actually reality,” Pitts said. “Science fiction has come to medical devices such as hearing aids and pacemakers, as well as hospital IT systems.”
While technological improvements create opportunities to advance myriad aspects of the world of healthcare, Pitt said it also leads to problems with cybersecurity.
“We know for a fact that hackers are shutting down hospitals and holding their IT systems for ransom,” Pitts said. “That’s where the money is. Cyberterrorists recognize that by seizing control, for example, of a hospital’s IT systems they can demand large sums of money and they’re getting it.”
Why should you care?
“We have situations where you have medical devices that are implanted, like pacemakers, that through the internet send information directly from your body to your healthcare provider,” said Pitts said. “But it also presents the opportunity for bad players to intercept that information and change it so that your doctor might think you’re healthy when you’re not or vice versa.”
According to its website, the U.S. Food and Drug Administration regulates and works to reduce cybersecurity risks within medical devices. But Pitts said that should be top of mind for hospitals and patients, too.
“If you’re a hospital, prioritize cybersecurity. If you’re a patient, ask your healthcare provider what type of cybersecurity mechanisms are in place for the devices that you’re being given.”
How to keep your medical devices safe
The FDA offers additional information on ways you can keep your medical devices secure:
- Use good password practices for your device. Create a unique password and do not share it with others.
- Keep your device within your physical control.
- Only connect your device to other devices and software if the device manufacturer or your health care provider indicate it is okay to do so.
- Keep your device updated. Updates may have useful things to protect you like patches or fixes for new cybersecurity risks. Stay up-to-date so your device has the best protection available.
- Check in with your device manufacturer or health care provider about other best practices specific to your device.
Visit the FDA’s website to see what the agency is doing to help ensure that connected medical devices are protected from cybersecurity threats.