In August of 2018, a cybersecurity company (McAfee) announced that it was able to modify patients’ heart rate data that was shown on a central monitoring screen. McAfee’s study showed that for there to be any impact on a patient, the modification would have to be believable to tending providers and occur in real time. McAfee determined that by utilizing the same network as the devices, it was possible to modify vital signs in real time. Since that study, numerous IT professionals have expressed concern about the safety of devices in terms of cybersecurity. A recent study from KLS Research and the College of Healthcare Information Management Executives showed that hospital IT executives were not unified in their confidence of medical device security. 31% of those surveyed said that they were “unconfident” “very unconfident” in medical devices ability to protect patient safety and prevent disruptions in patient care. By unifying efforts to address cybersecurity, higher confidence in devices as well as the ability to more effectively monitor and resolve potential breaches can be achieved.
The new memorandum between the FDA and Department of Homeland Security creates a broad effort to protect the safety of patients. By increasing communication between the two departments, the government and stakeholders can increase their awareness of threats and improve responses to them.
We advise and represent hospitals, medical practices, physicians and other healthcare providers. If you have questions about this post, contact us at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com.
Disclaimer: Thoughts shared here do not constitute legal advice. Please consult with an attorney to discuss your legal issue.
Source: FDA Memorandum of Understanding