FDA Working with Ethical Hackers in Healthcare Industry

Technology in the healthcare industry has become remarkably advanced. Doctors are now using robots to perform complex surgery. More tests are aiding in the early detection and treatment of serious ailments. Hospitals and medical practitioners continue the widespread adoption of electronic health records, as well as convenient and lifesaving apps that connect patients to those records in real time. Even the growing improvements to virtual reality are providing a way for medical professionals to practice in a hyper-realistic simulated environment.

These medical advancements are amazing and provide an optimistic outlook for further treatments and advancements in the future. They do not, however, come without a cost. The continued assaults on the digital battlefield are producing serious concerns not only for the technology itself but for the very safety of patients. This is nowhere more apparent than in the case of the CareLink implantable pacemakers from Medtronic, a medical technology company, which was disclosed in early January 2017. A vulnerability was discovered in the device's internet-based update platform, and it was found that this device, which is responsible for sending electronic pulses to one's heart in order to control abnormal heart rhythms, could be hacked. Medtronic has since disabled remote internet updates to these vulnerable devices, but the case highlights a serious concern in an ever-growing threat from malicious hackers.

With vulnerabilities and attacks on the rise within the healthcare industry, the U.S. Food and Drug Administration (FDA) announced in an October 16th press release that, in cooperation with the U.S. Department of Health and Human Services (HHS) and the U.S. Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), they will be expanding their efforts to engage in medical device cybersecurity. As stated in the purpose statement of the Memorandum of Agreement:

This Agreement is executed to formalize and enhance the working relationship of the Parties, including roles and responsibilities, when sharing information related to vulnerabilities and threats to the Healthcare and Public Health that involve the cybersecurity of a medical device(s). The goal is to share such information to enhance mutual awareness, heighten coordination, catalyze standards development, and enhance technical capabilities between the Parties. This Agreement provides a framework for coordination and the principles and procedures by which information sharing and related interactions between the Parties shall take place.

The backing of these federal agencies is a big step forward for the healthcare industry, where the rapid spread of connected medical devices has left it more exposed to cyber attacks than ever before. Furthermore, the FDA and these other agencies have begun to turn to ethical hackers to help them and manufacturers find potential vulnerabilities that put the lives of patients at risk. As Christopher Krebs, undersecretary for the National Protection and Programs Directorate at the DHS, said in a statement:

Ensuring our ability to identify, address and mitigate vulnerabilities in medical devices is a top priority, which is why DHS depends on our important partnership with the FDA to collaborate and provide actionable information. This agreement is another important step in our collaboration…DHS has some of the top experts on control systems technology and we look forward to continuing to leverage this expertise for the sake of improving the lives and safety of people across the country.

We live in a very exciting, but equally scary and uncertain, time. Cyberspace and the hackers that inhabit it pose a constant threat. With proactive steps like those taken by the FDA and these other federal agencies, cybersecurity is beginning to get a foothold against the threat. There is still more work to do at every level of the public and private sector. Until we as a national and global community are able to come together to close cybersecurity skill gaps in the workforce and are more often on the offensive than the defensive, healthcare and other critical industries will remain in the cross-hairs of hackers.


