Addressing patient safety and the security of patient health information.
The increasing connectivity of medical devices to computer networks and the convergence of technologies have exposed vulnerable devices and software applications to incidents.
The need to protect patient data from cyber-attack is now well understood. However, the potential impact on clinical care and patient safety is raising concerns for healthcare organizations, regulators, and medical device manufacturers alike.
Control of a medical device could also be compromised. This paper considers the cybersecurity challenges facing the healthcare sector arising from the convergence of technology, hyper-connectivity, and recent developments in regulation.
It explains the issues and tensions between safety and security and what can be done to resolve them. The paper highlights emerging good practices and approaches that manufacturers can take to improve medical device security throughout its lifecycle.
The paper will also be of interest to others in the sector, including healthcare providers, IT suppliers, notified bodies, and regulators.
They will recognize the requirement to address security explicitly throughout the product/system lifecycle, including design, procurement, monitoring/auditing, and during operation, particularly when the inevitable cyber incident occurs.