by Ken Dropiewski, Prime-Core Executive Search (ken@prime-core.com)
It has the makings of a plot for a blockbuster movie: a high ranking government official or world leader assassinated by a nefarious hacker who remotely accesses an implanted cardiac device. Plot lines and prominent world leaders notwithstanding, cyber-security risks for implantable cardiac devices are a concern. However, the outcome is not quite so dramatic.
Connected Devices and The Internet of Things
With more and more devices connected to the Internet of Things, the greater risk is using the easy access devices to connect to a larger network of health data. By breaking into these networks, hackers have held health systems hostage until ransoms, totaling in the millions, have been paid.
Device Security is Not a New Concern
Way back in 2008, a paper entitled Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses was presented. Researcher found that cardiac devices were more susceptible to attacks compared with other medical devices. However, at the there was little known about cardiac devices from a computer security standpoint. At the time, it was said that these devices had less security onboard than a common credit card.
Device Security Today
Owing to a number of high profile and costly attacks over the last decade, the FDA has taken oversight of this matter. Regulations and standards bodies are putting significant effort into improving security and privacy. The FDA currently requires device manufacturers to perform risk assessments of their devices and correct or remove products that have vulnerabilities. If medical device cyber-security controls are found to be inadequate, the agency forces design changes from manufacturers by delaying the approval of devices.
Questions and Challenges
But what about the systems the devices connect to? If hospitals and practices that tap into the devices to obtain data do not keep their systems updated with the latest security patches, password management, and network redundancy should they be able to access the device data? And, if as a result, a breach occurs, who then is at fault?
Our strategy focuses on enabling our clients to recruit the right people for the structure in which they will perform. Please contact us to learn more about our expertise in Executive Search for Commercial Leadership positions in Medical Device and Biotechnology; including Marketing, Strategy, Sales Leadership, Training, Development, etc. We look forward to the opportunity to help you consistently improve your performance and your business!
