WASHINGTON, D.C. – October 28, 2019 – eHealth Initiative & Foundation (eHI) and Booz Allen Hamilton, released a joint report, “Securing Connected Medical Devices” to help industry stakeholders address the challenges associated with cyber security of connected medical devices. The medical device ecosystem is at a critical moment where strong leadership across industry, government, and the public is needed to prepare for a secure connected future. This document helps set the stage for the discussion.
“All connected medical devices are vulnerable to cyberattacks. When cybersecurity risks are not mitigated, clinical efficacy and patient safety are negatively impacted, and companies are left financially vulnerable,” said Jennifer Covich Bordenick, CEO of eHealth Initiative. “Each step in a device’s lifecycle poses a potential threat and cybersecurity must be addressed throughout the course of a medical device’s lifetime. All healthcare stakeholders need to be vigilant about making cybersecurity a core component of patient safety discussions and dedicated to working together to ensure safety.”
Included in the report is an important discussion about key challenges, such as evergreen vulnerabilities afflicting connected medical devices, the importance of a “threat-centric” mindset to combat an increasingly complex threat landscape, as well as the need to evolve past a “one size fits all” approach to security.
“While connected medical devices promise novel diagnosis, treatment, and convenience, they are also a valuable target to cyber criminals and hackers,” said Kelly Rozumalski, a Booz Allen Principal and Leader in the firm’s cybersecurity business. Shannon Lantzy, a Senior Associate at Booz Allen and a Leader in the firm’s Regulatory Science Innovation practice, added, “Securing connected health is critical to continuing medical product innovation in U.S. healthcare.”
Earlier this year, eHI convened a roundtable of healthcare executives for a multi-disciplinary discussion on the challenges and potential solutions for cyber readiness of medical devices. The discussion covered factors to consider for a connected device future as well as the value of healthcare stakeholder communication and collaboration around device cyber security, creating the framework for this paper.
“Responsibility for secure connected health lies with every player in the market, from manufacturers and regulators to healthcare delivery organizations, patients, and providers,” said Steve Kastin, a Booz Allen Senior Executive Advisor in the firm’s health business. “The growing connectedness of devices adds exponential value to medical devices, but with this opportunity comes the important responsibility to strengthen protections against malicious cyber actors.”
Securing Connected Medical Devices can be found in eHI’s eHealth Resource Center, https://www.ehidc.org/resources/securing-connected-medical-devices