Medical and mHealth devices must meet fast evolving cybersecurity standards
Alexander Dittel, Marta Dunphy-Moriel
We have seen an exponential growth in a variety of medical devices and mHealth devices over the last 10 years. Many modern devices rely on “hyper-connectivity” to deliver medical services in new ways and to monitor and diagnose patients remotely. However, this comes at the cost of increased cybersecurity risk.
A medical device will include any instrument, apparatus, software, material or other article intended for diagnostic or therapeutic purposes for humans which does not predominantly rely on pharmacological, immunological or metabolic processes. mHealth products such as fitness, lifestyle or well-being apps are not regulated as medical devices, but they may sometimes face similar challenges.
Medical devices have not avoided disruption through injection, spoofing, denial of service, ransomware and other attacks. We are told about implantable cardiac devices with a wireless transmitter that could be manipulated to deplete the battery or administer inappropriate pacing. Attackers could fatally alter hospital drug dosing systems. In its recent annual report, the National Cyber Security Centre (NCSC) disclosed notifying 51,910 indicators of compromise to the NHS over the year and safeguarded against Russian state attacks aimed at vaccine espionage.
It is clear that poor cybersecurity implementation could affect...