A group of cybersecurity experts, representing everyone from NASA to academic medicine, formed a committee targeting the small but potentally lethal threat in which a hacker takes control of a medical device, an act known by some as “medjacking.”
The Cybersecurity Standard for Connected Diabetes Devices steering committee began meeting in July, hoping to determine any possible vulnerabilities in devices, and ways to prevent them from being cracked.
David Armstrong, M.D., a surgeon, committee member and professor of surgery at the University of Arizona, says change is happening at a rapid pace in the field, and those involved want to stay ahead of any possible breaches. At the same time, members of the group, which is affiliated with the Diabetes Technology Society, want to make sure that any recommendations aren’t onerous enough to inhibit innovation, he adds.
“We are moving into a new era,” Armstrong says. “It’s breathtaking the speed at which these medical devices, consumer electronics, wearables and implantables are all merging. The goal for this group, which is one of the first of its kind, is to try to get out in front of some of the big problems that could completely frighten people off and stifle not only innovation on the R&D side, but quality of care.”
The initial focus of the committee will be on diabetes-related devices, but committee members eventually hope to spread their knowledge to other parts of medicine.
With a few meetings under its belt, the committee plans to discuss its initial findings at a meeting convened by the Diabetes Technology Society Oct. 23 in Bethesda, Md. A final report is expected to be issued midyear 2016, says David Klonoff, M.D., medical director of the Diabetes Research Institute at Mills-Peninsula Health Services and chairman of the committee.
Until then, Klonoff encourages hospital leaders to investigate their current security practices with respect to connected devices, patch up any vulnerabilities, and look to purchase any future devices based on their adherence to security standards.
“While you can’t prevent a determined hacker from getting into a system, unless you use super-amazing methods, you can prevent a typical hacker from getting in by using simple, protective methods,” Klonoff says. “There’s the potential for a good return on investment with a few simple steps that can prevent the vast majority of threats from occurring.”
MORE ON HACKING: The takeover of medical devices is just one aspect to the major threat posed to health care by hackers. For more on this topic, see “Outsmarting Data Thieves,” Page 30.