Are medical devices at risk from cyberattacks?

It might seem impossible, but all sorts of medical devices, from pacemakers to defibrillators, insulin pumps and even nurse call buttons in hospitals could be at risk of attack from hackers.

According to the FBI, 53% of those digital devices are vulnerable to a cyber attack.

"We are totally at risk, and in my experience being in healthcare for 20 plus years, that has been, this has been one of the top three cyber risks in the industry," said Vikrant Arora, Chief Information Security Officer at the Hospital for Special Surgery.

"The risk can be if they hack into an insulin pump, that they either stop the insulin from being secreted from the pump so that the person then doesn't get their insulin or give too much insulin," said Dr. Mark Jarrett, Senior Health Advisor for Northwell Health.

According to Dr. Jarrett, large hospital systems have cybersecurity departments to upgrade software when available and monitor for potential hacking. However, ambulatory centers and smaller hospitals might not have the resources.

Smaller hospitals simply might not have the staff to do such updates, putting them more at risk. According to Dr. Jarrett, for a small fraction of patients, it might even be a life-threatening problem.

Now, under a new law that went into effect in March, the FDA is requiring manufacturers to include cybersecurity software and update capabilities in all of their new medical devices in the future.

"If you don't have cybersecurity when you're first putting your device out on the market, you're not going to get to market," said Dr. Aftin Ross, a cybersecurity policy expert with the FDA.

But, the new FDA law does not apply to the millions of medical devices already in use.

HealthHealth Care