For full functionality of this page it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser Cybersecurity Risks: The Future of Medical Device Recalls

Cybersecurity Risks: The Future of Medical Device Recalls

Technology has advanced to the point where our TVs, phones, watches, laptops, kitchen appliances, cars, and even our medical devices all talk to each other.

And just like cyber hackers can hijack our cars and laptops, they can breach the physically embedded digital pumps used to deliver personalized medicine or manage the pulses in a pacemaker.

While computers can make medical devices more accurate, they are also vulnerable to the same sort of coding bugs that end up in other software. Here’s the challenge: when devices connect; monitor, record and share information; or control how or when a treatment is administered, cybersecurity risks are a real concern that must be continuously evaluated and planned for. Does that sound extreme?

Take our word for it when we say it’s not. The truth is anytime a device has software that relies on an internet connection, it can become vulnerable to hackers – especially if it’s an older device that was built more than a year or two ago.

The Food and Drug Administration (FDA) issued 11 medical cybersecurity warnings since 2013. The first ever medical device recall happened in 2017 when FDA recalled a pacemaker after investigating and finding many areas of non-compliance. Likewise, it reported vulnerabilities in IPnet, a widely used third-party software component, in October 2019. More recently, FDA warned hospitals  about a flaw that could allow cybercriminals to tamper with medical devices used for monitoring blood pressure, heart rate, temperature and patient status.

These cybersecurity vulnerabilities could potentially allow anyone to take control of a medical device and tamper with its functions, which could put a patient’s health, safety, or even life on the line. Personal data can be compromised, or the device could even malfunction when a hacker takes over. Still today, most patients are unaware of the potential dangers.

This is where manufacturers and healthcare organizations need to work together to protect patients. Manufacturers are responsible for identifying risks and hazards associated with their medical devices, and that includes any cybersecurity risks. But health care organizations must also share with device manufacturers their growing body of experience with these digitally controlled life savers.

We expect to see more regulatory guidance on medical cybersecurity in 2020 – but for the time being, our advice to medical device makers is to be ready with a plan to deal with a breach if it occurs. In fact, most crisis plans for medical device manufacturers we’ve seen don’t take this into account. That must change because government regulators, the news media, and patients – and their lawyers – will be unforgiving if companies seem to be negligent after all this time.
As you consider the ongoing cybersecurity threats that could impact your product and the health care professionals and patients that rely on them, remember to update your crisis plan. It’s a long-term commitment that requires constant monitoring, evaluation and analysis from first development through the entire lifecycle of the product. Cybersecurity threats evolve, and your products and your plans to protect them must too.

With experience handling thousands of product safety and recall events, we have a unique perspective on the risks, challenges, and often over-looked opportunities associated with these types of reputational matters. We’d love to share our thoughts with you.

Get Recall Updates and More

Stay on top of the latest in Recalls with Expert Solutions! Our Quarterly Recall Index insights keep you up-to-date with recall trends, while our blogs and Expert Spotlight provide timely information from industry specialists.

Subscribe Now
Stericycle ExpertSOLUTIONS

Stericycle Expert Solutions focuses on helping customers by providing proven, customer-centric, scalable services that protect people and brands, promote health and safeguard the environment.

Find Out More

Stericycle on Twitter


Get In Touch

If you're ready to get started with our extensive suite of services then contact us today. We have a team of experts ready to assist you!

Contact Us today