Medical Design and Outsourcing

  • Home
  • Medical Device Business
    • Mergers & Acquisitions
    • Financial
    • Regulatory
  • Applications
    • Cardiovascular
    • Devices
    • Imaging
    • Implantables
    • Medical Equipment
    • Orthopedic
    • Surgical
  • Technologies
    • Supplies and Components Index
    • Contract Manufacturing
    • Components
    • Electronics
    • Extrusions
    • Materials
    • Motion Control
    • Prototyping
    • Pumps
    • Tubing
  • MedTech Resources
    • Medtech Events in 2025
    • The 2024 Medtech Big 100
    • Medical Device Handbook
    • MedTech 100 Index
    • Subscribe to Print Magazine
    • DeviceTalks
    • Digital Editions
    • eBooks
    • Educational Assets
    • Manufacturer Search
    • Podcasts
    • Print Subscription
    • Webinars / Digital Events
    • Whitepapers
    • Voices
    • Views
    • Video
  • 2025 Leadership
    • 2024 Winners
    • 2023 Winners
    • 2022 Winners
    • 2021 Winners
  • Women in Medtech
  • Advertise
  • Subscribe

Is the medical device world taking cyber security seriously?

March 2, 2016 By Heather Thompson

hospitalhacker1Cyber security is a scary topic. I’d bet many medical technology makers feel unfamiliar with the terminology and would rather not discuss the details. But the reality of hacking is forcing the issue.

A few weeks ago, I attended the International Stroke Conference. During my time at the event, I wandered the expo booths and struck up a conversation with a telehealth service provider. To be fair, this person was not an IT expert, but he glossed over my serious question about how the company was protecting itself and the data that’s uploaded via its moving camera system.

What he essentially said was that the company follows the security protocols and they are in compliance. This conversation is emblematic of the feedback I’ve been getting for the past few months. At nearly every level, medical device suppliers, OEMs, and hospitals are not talking about security. We are waving it away.

And if OEMs aren’t talking about it, it means clients aren’t asking. And if no one is asking, it means companies probably aren’t doing the best job ensuring that they’re protected.

Looking at some data that’s come out in the last few weeks, this lack of initiative grows even scarier:

  • A report from the Institute for Critical Infrastructure Technology finds that recent cybersecurity guidance for device makers from the FDA falls way short.
  • Redspin’s Breach Report 2015: Protected Health Information (PHI) concluded that hacking attacks factored in 9 of the 10 largest breach incidents of the year – incidents which led to the compromise of 98.1% of all patient records breached in 2015.
  • The same report said that “phishing” – tricking healthcare employees into disclosing their login ID’s and passwords through fraudulent emails or other methods – played a role in many of the 2015 hacking attacks.
  • On Feb. 18, Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital’s computer systems including blocking access to patient records.

These troubling trends are being considered by a subset of the industry that does want to discuss the problem: Embedded software security providers.

One of the challenges, says Battelle’s Stephanie Preston, is legacy products. Preston is an embedded systems engineer and certified ethical hacker. She says that medical devices are a unique challenge due to their long development life cycles – ranging anywhere from 18 months to 10 years – and their long deployment life. “I’ve heard rumors of devices as old as 20 years still operating in hospitals.”

Preston says in the immediate term, “manufacturers need to take a look at their currently fielded devices to determine the security situation they’re in.” She advises that OEMs perform vulnerability assessments, or conduct penetration tests on devices that are in care situations. Those results should help OEMs prioritize and develop a strategy for securing the devices.

“The long game is for manufacturers to adopt secure design practices, and incorporate vulnerability assessments and testing as a routine part of the development lifecycles,” says Preston.

ModbusFilteringHRIcon Lab president Alan Grau has an approach that could help. Icon just released its Floodgate Modbus Protocol Filtering product. This extension to Icon Labs’ Floodgate Security Framework adds critical protection capabilities for Industrial IoT and RTOS-based devices. The group partnered with Renesas Industrial Automation to demonstrate the process.

Icon is betting that its embedded system will provide a deeper level of protection for medical device technologies.

“This is not just hardware in front of the device,” says Grau. “Our customers really want to make sure they are providing secure products to the market.”

He also noted that 50% of attacks come from internal sources and are not all malicious in intent. “If a user does something inadvertently, e.g., changes a setting in a way that causes the system to react, you can still be protected if your illegal actions are protected with embedded security in the device.

There’s a saying among security experts, he says: “There are two kinds of companies, those who have been hacked, and those who don’t know they’ve been hacked.” Grau says we shouldn’t expect medical product companies or hospitals to be any different.

Related Articles Read More >

A photo of someone inspecting a microchip.
Why cleaning medical PCBAs is harder than ever — and what to do about it
An image of the Abbott Volt PFA System catheter and cart, which helps physicians visualize the location and effectiveness of cardiac ablation.
Abbott’s Volt PFA system isn’t just a catheter and a waveform
An image of Abbott's Infinity deep brain stimulation (DBS) implants and leads.
How Abbott developed the first-of-its-kind Infinity DBS system
An image of the Abbott Volt pulsed field ablation (PFA) catheter.
Why Abbott went with a balloon-in-basket design for its Volt PFA catheter
“mdo
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest medical device business news, application and technology trends.

DeviceTalks Weekly

See More >

MDO Digital Edition

Digital Edition

Subscribe to Medical Design & Outsourcing. Bookmark, share and interact with the leading medical design engineering magazine today.

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
DeviceTalks

DeviceTalks is a conversation among medical technology leaders. It's events, podcasts, webinars and one-on-one exchanges of ideas & insights.

DeviceTalks

New MedTech Resource

Medical Tubing

MassDevice

Mass Device

The Medical Device Business Journal. MassDevice is the leading medical device news business journal telling the stories of the devices that save lives.

Visit Website
MDO ad
Medical Design and Outsourcing
  • MassDevice
  • DeviceTalks
  • MedTech100 Index
  • Medical Tubing + Extrusion
  • Medical Design Sourcing
  • Drug Delivery Business News
  • Drug Discovery & Development
  • Pharmaceutical Processing World
  • R&D World
  • About Us/Contact
  • Advertise With Us
  • Subscribe to Print Magazine
  • Subscribe to our E-Newsletter
  • Listen to our Weekly Podcasts
  • Join our DeviceTalks Tuesdays Discussion

Copyright © 2025 WTWH Media, LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media LLC. Site Map | Privacy Policy | RSS

Search Medical Design & Outsourcing

  • Home
  • Medical Device Business
    • Mergers & Acquisitions
    • Financial
    • Regulatory
  • Applications
    • Cardiovascular
    • Devices
    • Imaging
    • Implantables
    • Medical Equipment
    • Orthopedic
    • Surgical
  • Technologies
    • Supplies and Components Index
    • Contract Manufacturing
    • Components
    • Electronics
    • Extrusions
    • Materials
    • Motion Control
    • Prototyping
    • Pumps
    • Tubing
  • MedTech Resources
    • Medtech Events in 2025
    • The 2024 Medtech Big 100
    • Medical Device Handbook
    • MedTech 100 Index
    • Subscribe to Print Magazine
    • DeviceTalks
    • Digital Editions
    • eBooks
    • Educational Assets
    • Manufacturer Search
    • Podcasts
    • Print Subscription
    • Webinars / Digital Events
    • Whitepapers
    • Voices
    • Views
    • Video
  • 2025 Leadership
    • 2024 Winners
    • 2023 Winners
    • 2022 Winners
    • 2021 Winners
  • Women in Medtech
  • Advertise
  • Subscribe