A new U.S. Food and Drug Administration (FDA) warning has revived the debate over how much security should be installed on equipment such as fitness trackers, defibrillators and pacemakers. According to a report on Healthline.com, the FDA warned consumers that the devices could send out shocks or incorrect signals if a hacker drained the battery. Of course, it goes without saying that this type of hacking, particularly with pacemakers, could prove fatal for the person who has one of the implanted devices.
Although hacking has been in the news recently after Americans expressing concerns about Russian interference in the 2016, presidential elections, vulnerabilities involving medical devices are really nothing new. The medical devices that are currently in the market are simply not made with security in mind. When you buy these devices, they probably come with default usernames and passwords, which all means zero protection from hacking or other types of manipulation.
Giving Manufacturers a Push
Consumer advocates say manufacturers are not likely to make security a top priority until they are given a push in the right direction. The FDA has issued a few guidelines when it comes to securing medical devices against cyber threats. However, if makers of these products fail to put these safeguards in place voluntarily, the FDA may have to pass formal rules and enforce them in order to protect consumers. Last July, the FDA issued guidelines stating that it would regulate devices such as Fitbits.
Safety advocates say that it would be in manufacturers’ best interests to voluntarily put these safeguards in place to protect consumers because medical device security is not a problem, but a solution to an existing problem. When more cybersecurity measures are in place, patients will develop the confidence to rely on their lifesaving devices. With regard to devices such as Fitbits, the hacking is almost always for financial gain.
Last year, a cyberattack on Fitbits involved compromising account user names and passwords. When hackers have access to such data, they could also infect computers with malware. In the Fitbit hacking case last year, scammers compromised the accounts to make false warranty claims and got replacements. Safety advocates say security shouldn’t be an afterthought for these devices, but needs to be built into them.
How Can You Protect Yourself?
Protecting yourself and your medical devices or wearables from hackers can seem like a daunting challenge. However, it is important to remember that there are steps you can take to ensure that you don’t become a victim of medical device hacking. Here are a few tips.
- Get to know and understand the product and how it works, even before you start using it. Find out if the product manufacturer made it with cybersecurity concerns in mind. It is important to understand that the manufacturers of these devices are responsible for the security of the device. It is their responsibility to mitigate cybersecurity risks just as they would take care of technical malfunctions and other issues with the product. Medical device manufacturers may not disclose details about their products. However, any interest shown in cybersecurity from patients, consumers and healthcare professionals could and should lead to greater transparency in the near future.
- Share the information you have. The FDA is recommending that individuals, entities and businesses in public and private sectors participate in Information Sharing Analysis Organizations. The purpose of these organizations is basically to help identify, detect, understand and evaluate security issues in medical devices. The goal is to find and remedy potential problems with cybersecurity before any consumers are compromised.
- Make sure you have a plan. It is important for all of us to understand that every medical device on a network in vulnerable. It will be crucial to take the steps necessary to monitor and assess the risk, and see how you can minimize it. Although there have been no cases yet of hackers breaching a medical device’s security, it is entirely possible and quite easy to accomplish. Hackers are not a major problem, but it is always better to be proactive than reactive. Analyze your network and create a cybersecurity plan.
- Hospitals, clinics, medical device makers and other medical facilities should make it difficult for hackers to steal private patient information by using stronger passwords, smart card systems and biometrics scanning. The more secure you make your network, the more secure your individual medical devices will be. Password managers are a good way to safeguard your systems against internal and external threats. Password managers store your passwords in an encrypted file making it difficult for hackers to steal them.
- Make sure that your technology is up to date. Although everything needs to be screened by the FDA to ensure patient safety, the agency now permits routine software updates or patches that can skip the review process. This makes technology updates quicker and less complicated. It is more difficult for hackers to get into to newest software. This makes it all the more important for you to keep all of your medical devices and software up to date.
- Identify potential dangers. Hackers are also looking to manipulate weaknesses in human networks in order to gain access to sensitive information. To prevent employees from getting manipulated make sure all personnel are trained with regard to strategies hackers use. Employees should learn to identify phishing scams, verify official information and should know not to engage with unsolicited and unknown email sources.
Protecting Your Legal Rights
Medical device manufacturers have an obligation to ensure that consumers’ information is kept reasonably safe. They also have a responsibility to safeguard the health and safety of patients who are implanted with these devices. If you believe you have been the victim of a cyberattack or a data breach, you may have a case. An experienced California consumer attorney can help determine if a manufacturer tried to adopt the necessary safeguards that would have prevented the breach from occurring, such as encrypting customers’ personal information. You may be eligible to receive compensation for the injuries, damages and losses sustained through a class action lawsuit. Contact an experienced consumer attorney today to examine your legal rights and options.