Cybersecurity in MedTech

by | Jun 30, 2021 | Cybersecurity, Healthcare, Medical Devices, MedTech, Quality

Dr. Avi Rubin, a computer science professor at Johns Hopkins University, spoke during a TED talk to raise awareness of cybersecurity in medical devices. He claimed that all programmed implantable devices must communicate wirelessly to be reprogrammed or subjected to diagnostic testing. Most devices, especially implants, are now required in the medical industry to be wirelessly connected to a network for efficient communication¹. Without a complete understanding of trustworthy computing and of what hackers can do or want, unpredictable danger looms. For example, a commercial off-the-shelf ICD (implantable cardioverter-defibrillator), better known as a pacemaker, was used in an experiment that tested its software security by launching different cyber-attacks in an attempt to compromise the device¹. Using reverse engineering techniques, the research team was able to create a simple transmitter able to send wireless signals using only commodity equipment and software. The device was successfully compromised in several catastrophic ways, including altering therapies such as fibrillation and disabling the device completely, in addition to draining the battery and gaining full access to patient personal information and cardiac data, among many more¹. This experiment illustrates the underlying liabilities medical devices possess as wireless communication becomes the standard in healthcare technology.

The FDA recognizes the insurmountable liabilities of inadequate cybersecurity, which call for relentless attention to reducing all known cybersecurity risks of different devices. In an effort to identify all known risks posed by a weakness in the software or some exposed factor of a medical device, the FDA implemented what are called “safety communications”². These are notification messages containing useful information about the vulnerability and recommended actions that patients, providers, and manufacturers can take to mitigate most cybersecurity threats. Using its extensive database of diverse device records, the FDA will provide cybersecurity insight about applicable risks to those marketing similar devices².

The team at EMMA International has proven experience helping navigate the necessary steps to comply with cybersecurity regulations tailored to different sectors of MedTech. Be sure to give us a call at 248-987-4497 or email us at info@emmainternational.com to learn more about how EMMA International can take the stress out of cybersecurity regulations as it pertains to all things quality and regulatory compliance!

¹ Dr. Hugh Herr (TED 2011) Security Vulnerabilities, Threats and Attacks in the Real World, Retrieved on 29 June 2021 from: https://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked#t-16719

² FDA (2021) Cybersecurity, Retrieved on 29 June 2021 from: https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity

Zach Nies


Quality Engineer (Co-Op) - Mr. Nies has experience in combination products, pharmaceuticals, and FDA compliance for many life science industries. He has experience with many different elements of quality and regulatory compliance. Mr. Nies is completing a Bachelor of Engineering degree in Biomedical Engineering from Wayne State University.
