DHS Investigating Medical Device Security, Too

Posted by Rebecca Santorios on January 7, 2016

2e1ax_origami_entry_BIODATA_DHS_600x228.jpgCompliant cloud hosting providers, like ByteGrid, give medical device manufacturers a head start in ensuring device security. These companies are increasingly focused on cybersecurity, as yet another federal agency turns their eye toward their systems, looking for weak spots. Only a few weeks after the FDA's finalization of the Guidance for Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, it was announced that the U.S. Department of Homeland Security is investigating possible cybersecurity flaws in medical devices.

According to news reports, the investigation includes a variety of devices, particularly insulin pumps and pacemakers, which have been highlighted by security researchers as particularly vulnerable to life-threatening attacks by hackers. These researchers got a lot of attention when they showed that they could hack into these devices and deliver a lethal drug dose, or a fatal electric shock. While somewhat less dramatic, the DHS's investigation also purportedly includes hospital networking equipment and imaging systems.

The headline can't help but jump out at us, coming so close to the release of the guidance, but this isn't the first time that the DHS has been involved in medical device security. Another well-known incident, in 2012, was triggered when a website used to supply software updates for devices was found to be widely contaminated with malware. A range of ventilators and respiratory products could have been impacted, though the FDA has reported that there are no known adverse events associated with cybersecurity failures. Without doubt, the internet presents a convenient way to provide the latest updates to service personnel no matter where they are, but this episode highlights the risks involved. It's no surprise that the guidance specifically talks about the need to ensure software updates are deployed in a way that assures device integrity.

Medical device manufacturers need not shy away from networking their devices nor from using the latest technology to keep them up to date, but they do need to be aware of the risks, and make sure that they take the proper precautions to ensure they don't encounter serious problems. There are a lot of steps involved, and an experienced IT compliance partner can help make the difference between a safe, profitable device and one that makes unwanted headlines.

At ByteGrid, we've built our systems specifically to provide a secure cloud platform for FDA-regulated companies. We want our clients to be able to take advantage of current networking technology, with full confidence that they're ensuring patient safety and maintaining regulatory compliance. Our customers know that their IT infrastructure has been designed to meet FDA requirements, and that we've already prepared many of the deliverables they need to support their submissions. We can help you achieve compliance for your system, end-to-end, with our full-time compliance staff and our team of security experts. Come take a look at our secure data center, and examine our quality system. Talk to us today to learn how we can help you get started with truly compliant cloud hosting.

Click to edit your new post...