James O. Craven
Publications

Mitigating the Risks of Medical Technology Security

May 11, 2015 Published Work
Connecticut Law Tribune

For years, the military has promoted keeping "left of boom." The idea is that on a time line from left to right, soldiers should anticipate and avoid – that is, stay left of – harmful and hazardous events, or the "boom." This article briefly highlights the risks associated with the recent convergence of health care's growing reliance on technology and the increased incidence of privacy intrusions and hacker attacks, and discusses what health care providers and manufacturers can do to keep "left of boom."

Medical treatment increasingly involves new products that rely on software, such as ingestible smart pills, digital medications, subcutaneous biosensors and brain implants. Meanwhile, nearly all health care providers have converted to electronic health records, and many have increased their reliance on remote access to electronically stored information. This growing reliance on information technology in the delivery of health care provides great opportunity, but it also comes with a heightened risk of costly data breaches, privacy violations, software-related malfunctions and electronic security lapses both inadvertent and intentional.

Regulators have taken notice. The U.S. Food and Drug Administration (FDA) has reported that malware and other computer viruses have infected medical devices used in radiology departments, cardiac catheterization labs, sleep labs and other clinical settings. According to the FDA, software-related issues comprise a significant portion of medical device recalls. For example, in 2014, the FDA announced Class I recalls of certain ventilators and infusion pumps based on software problems, such as a "glitch" in a ventilator that could prevent air flow to patients unable to breathe on their own. It warned that such software issues could result in severe patient injury or death.

[Full text is available in the PDF below.]

Resources