Wireless Medical Device Cybersecurity: FDA Draft Guidelines

The U.S. Food and Drug Administration recently issued a cybersecurity draft guidance for wireless medical device manufacturers that “outlines postmarket recommendations…including the need to proactively plan for and to assess cybersecurity vulnerabilities—consistent with the FDA’s Quality System Regulation.”

A KQED Science blog post, “Hacked Medical Devices Still a Big Threat in 2016,” succinctly summarized the recommendations, which may require wireless medical device development companies such as DeviceLab to:

  • “Develop a risk management program that includes a plan for when a vulnerability is discovered.
  • Write disclosure policies, so hospitals and patients understand which aspects of a device may be less secure.
  • Release regular software and hardware updates for medical devices after they’re on the market.”

As we await the final recommendations—the FDA is currently providing a 90-day opportunity for public comment—we thought this would be an opportune moment to talk about how we already integrate cybersecurity into our wireless medical device design process.

Defining the Risks of Wireless Medical Device Security

Virtually everybody owns a wireless device—a mobile phone, for instance—and knows the importance of securing the device and its networks to protect the user’s privacy and identity. But that concern usually centers on keeping credit card numbers, Social Security numbers, photos and other personal data from being unintentionally revealed.

Wireless medical device data raises the sensitivity of personal information to an entirely new level. Virtually any information that can be monitored, tracked or shared in a traditional hospital or clinical setting can be handled (or soon will be) by a wireless medical device. Considering the profound importance of HIPAA (the Health Insurance Portability and Accountability Act of 1996) from personal, medical and legal standpoints, the need to protect that information from being compromised is equally profound.

Protecting Wireless Medical Device Data

With an understanding of the kind of information that needs to be protected on a wireless medical device, the next logical step in preventing any compromise is to protect the channels through which it travels—which is certainly easier said than done! After all, hackers—whether benevolent or nefarious—are always seeking weaknesses in online networks, and unfortunately virtually any network has them.

Creating wireless medical devices that don’t increase the risk of compromise first involves understanding how to secure the general wireless networks that we all use every day, and then taking it up a level to master the specific wireless networks that are used by healthcare providers, whether inside or outside of their facilities.

DeviceLab has the experience, the technologies and the unquenchable desire to fulfill the dreams of not just innovators with new wireless medical device designs who want to quickly move “from concept to commercialization,” but also the patients and healthcare providers for whom those devices are being created. However, that requires being able to satisfy the FDA wireless medical device cybersecurity guidelines, and when they are finalized, rest assured that we will be ready to accommodate them.