Today’s digital health technologies offer millions of patients a personalized user experience; to function as intended, however, online devices must collect a minimum amount of relevant personal information. With the details on hand, digital health apps can seamlessly link users with the life-easing services they depend on. But like any vault that holds valuable things, digital health’s storage servers can pose an enticing target to hackers, data thieves, and other miscreants.
An analysis by the security firm McAfee Labs revealed that healthcare data breaches now occur more frequently than any other category of cybersecurity hack in North America, recently overtaking cyberattacks in the public sector. According to McAfee, healthcare breaches accounted for 26% of total leaks throughout the second quarter of 2017, with a majority of healthcare leaks resulting from accidental disclosures and human error.
The report specified, however, that a minority of serious cyberattacks targeted hospitals and medical facilities. It notes that a few data hacks even managed to “paralyze several departments and, in some cases, the hospitals had to transfer patients and postpone surgeries.” The bulk of these attacks were conducted using ransomware, a type of malicious software that locks a device’s core features until its user pays a monetary sum as ransom.
Because of the safety threats posed to patients who rely on mobile health, both inside and outside of hospitals, the FDA has redoubled its efforts to combat cybersecurity breaches. As part of an initiative to overhaul the agency’s approach to digital health, Bakul Patel, Associate Director of the FDA’s Center for Devices and Radiological Health, announced that the FDA has established a unit of cybersecurity experts devoted to addressing the security and interoperability of medical software.
To minimize security threats throughout the lifecycle of digital health products, the FDA recommends that device manufacturers take a proactive approach to updating and patching software, and closely monitor the stability of devices on the market. The agency further emphasizes, in a fact sheet dispelling misinformation, that in compliance with quality system regulations, it is the responsibility of medical device manufacturers and healthcare delivery organizations to update their devices’ security protocols as necessary.
The FDA has made clear its intent to collaborate with device manufacturers and care providers to ensure security risks are consistently mitigated. But just as their efforts protect patients’ health, it also falls largely upon manufacturers and providers to safeguard vulnerable patients against the theft of personal information.