The U.S. Food and Drug Administration (FDA) have set up guidelines to manage and protect the security of medical devices.
"There is no such thing as a threat-proof medical device," said Dr. Suzanne Schwartz, director of emergency preparedness/operations and medical countermeasures at the FDA's Center for Devices and Radiological Health. "It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks."
The federal agency encouraged manufacturers of medical devices to always consider cybersecurity and the associated risks in the design, development, and production of their products. The companies are required to alert the FDA of any vulnerabilities and the action plan to mitigate it.
Although there are no reports yet of any medical device attacked by hackers and other cybercriminal groups, the FDA noted that risks will surface after some time, especially because these medical devices are connected to networks.
"Many devices are poorly secured and do not require a lot to hack. If there is sufficient incentive to do so, it will happen, causing harm to patients," Shel Sharma, director of Cyphort, told USA Today. Cyphort is a threat-detection firm.
The Guardian LV reported that researchers have recognized the threats in medical devices especially the implanted devices used by millions of people for survival. These devices are connected to the Internet and hackers could go to the extent of taking over the system to threaten the patients' lives.
Updating the software of implanted medical devices is not as simple as other devices as it requires surgery. Installing security devices on these devices could also affect the battery power and replacement of the batteries also includes surgery.
The FDA factored in these issues and other concerns while drafting the recommended guidelines. The new guidelines require manufacturers to make out cybersecurity risks and find a solution before launching a product into the market.
The FDA will conduct a national workshop to further discuss the cybersecurity and medical devices' guidelines in Oct. 21 and 22.