Medical device security reaches a tipping point
ORLANDO – Medical device security is flawed, but the fix isn’t going to happen overnight. And there’s no one entity to blame, according to Dale Nordenberg, executive director of MDISS (Medical Device Innovation, Safety and Security Consortium).
But just as there’s no one person at fault for unsecured medical devices, there’s no one solution to the problem, Nordenberg explained.
“There’s no vendor out there today with the solution: There’s no magic wand,” Nordenberg said. “There’s no way to fix these devices tomorrow, and there’s no way hospitals can fix systems overnight — and we shouldn’t expect it.
“But collectively — health systems, manufacturers and the government — we can make a huge difference. Medical device cybersecurity is a public health challenge.”
MDISS has partnered with manufacturers, healthcare organizations and its associations to work on a legislative position that makes sense.
Crowdsourcing medical device risk assessments that can be used by other providers to evaluate medical devices is crucial, Nordenberg explained. MDISS is building a national data commons around this idea, in addition to a best practice guide to help all healthcare organizations determine the best way to assess devices.
Hospitals should be able to track medical devices, in the same way hospitals evaluate and track infectious diseases, Nordenberg said.
The FDA is already tightening guidance policies on post-market requirements, but a soft enough stance that it gives vendors time to catch up with these issues, he said.
“It’s not just about the FDA crushing manufacturers to fix the devices,” Nordenberg said. “It’s quickly becoming a New World order. We’re trying to evolve the message and dialogue. If we work together, we can engineer out a lot of that risk, especially if we know it’s there.
“As we move from tech-centered security to meaningful security, buckle up. “Because if we have anything to do with it, we’ll create patient-centric security.”
In 2017, Nordenberg believes there will be a major uptick in device security.
“We’ve reached a tipping point,” Nordenberg said. “Most every hospital is approaching medical device security from an informed, rational perspective. It doesn’t mean they know what to do, but they’re asking the right questions and seeking help.”
“The emergence of drug-resistant diseases are expanding in a ferocious way, although the industry thought it had the problem nailed down,” Nordenberg said. “Either we’re off track in discussing medical device security, or the problem is as big as the leading cause of death by infectious diseases.”
This article is part of our ongoing coverage of HIMSS17. Visit Destination HIMSS17 for previews, reporting live from the show floor and after the conference.