Medical
devices do not work standalone any more. They are at one level part of
the networks of providers who use them and at another that of all other
networks of all other providers they get connected with; courtesy the
phenomena of interoperability and Health Information Exchanges. Under
such fast changing circumstances, the impact of incidents of hacking,
malware and other cybercrimes related to the devices have the potential
of taking gigantic proportions. Is there any one stakeholder who is to
be blamed for the majority of the accidents that result out of medical
devices? A thorough analysis done reveals that the outcome, which in
some cases could be really serious, can have a genesis involving any of
the concerned ones. For e.g. the manufacturers could be at fault for not
issuing regular updates which they are expected to. Because each patch
would require a review by the regulators, they might give it a skip
altogether in order to evade the process of going through the grill
every now and then. The hospitals might not also report all problems as
and when they arise. A classic case in point could be devices running on
old versions of operating systems which might get affected by malware
but would not get updated with the latest version of an antivirus as it
would require a review by the regulator. All such activities are not
necessarily in the best interests of the patients at large.
A
security breach, when it happens in a medical device is not just an
instance of patient information getting jeopardized. Technically, from
the perspective of a provider, it becomes a HIPPA liability. From
getting the device to malfunction it can clearly put at risk the lives
of patients. It is not uncommon to hear of incidents of hacking, malware
and cybercrimes leading to disastrous outcomes. What is a matter of
real concern is that as HITECH pushes forward with its EHR adoption
drive, it will eventually lead to medical devices getting tightly
connected to EHRs. It will thus increase the possibility of problems
arising out of faulty medical devices taking gigantic proportions. Once
the Stage 2 of Meaningful Use goes into effect, the widespread presence
of interoperability and health information exchanges can result in one
infected medical device corrupting distinct EHRs it eventually gets
linked with.
For Healthcare facilities, it is highly important to ensure the following
- ensure that there is no unauthorized access made to medical devices or networks
- track and monitor medical devise and network activity continually for early detection of any infection.
- have in place antivirus and firewall which get updated regularly
- stay in touch with manufacturers to stay updated on any particular risk they are aware of
- have provision to isolate devices in the event of their getting infected
- ensure continuation of activities during adverse events also
Most of the medial devices are built in such a manner that anyone who manages to have access to the password can get into the firmware of the devices and potentially change it. Since cyber and intentional attacks are a reality, a loophole like this can easily be exploited; especially if it has something to do with implantable electronic medical devices such as heart defibrillators and insulin pumps. FDA, on realizing this, has made it mandatory starting next year to have in place an agreement which would mean that only the device makers have the required access to alter the programming logic.
Broad guidelines issued to manufacturers require them
- to limit device access
- ensure that individual components have a high degree of protection
- build provision for quick recovery and retention in the event of breakdowns
- be quick to build security for devices keeping in mind the environment they operate in
Many start-up ventures are quite bullish on the potential medical devices have. This has led to a good amount of innovation in this field. Wearable technology is one area which is seeing a lot of traction with projections of the market reaching approximately $6 billion by the year 2016. However, since getting the regulatory sanctions is a critical element in the equation, and the process is expected to be a tough one, venture funds have not flown in at a desired pace yet. Healthcare software development teams can help you customize medical devices as well as build interactive dashboards for you to analyze the data.
We provide mobile health app development services as well. If you would like to hire developers for healthcare application, please contact us at Mindfire Solutions.
No comments:
Post a Comment