Center for Internet Security to Safeguard Internet-Enabled Medical Devices from Cyber Attacks

Aug. 21, 2013
The non-profit Center for Internet Security (CIS) has announced a new initiative to help bolster the protection of Internet-enabled medical devices from cyber attacks. CIS is working with medical device manufacturers, healthcare facilities, and cyber security experts to develop new security benchmarks.

The non-profit Center for Internet Security (CIS) has announced a new initiative to help bolster the protection of Internet-enabled medical devices from cyber attacks. CIS is working with medical device manufacturers, healthcare facilities, and cyber security experts to develop new security benchmarks.

The first benchmarks will be focused on insulin infusion pump technologies, with future benchmarks being developed for other medical devices on an ongoing basis.

CIS has issued a request for information (RFI) to U.S. medical device manufacturers to invite voluntary participation in the development of security control benchmarks for reducing cyber risk to medical devices. The first of their kind, these benchmarks will provide clear recommendations on how device manufacturers should securely configure medical devices. The benchmarks are intended to build upon the Food and Drug Administration's (FDA) draft "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” according to CIS.

Doctors and other healthcare providers are beginning to routinely access implanted medical devices (IMDs) such as insulin pumps, pacemakers, and defibrillators over the Internet. This process enables doctors to manage the device, and continuously monitor and even treat the patient remotely.

However, these cutting edge medical advantages come with risk. As indicated in recent safety notices issued by the FDA and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), hardcoded password vulnerabilities were found in approximately 300 medical devices. These findings make clear that the risks are real and much more needs to be done to improve cyber security within the medical device industry, said CIS.

"The technological advancements that enable healthcare providers to embed life-saving devices and treat patients remotely are tremendous,” William Pelgrin, CIS president and CEO, said in a statement. “We must do everything we can to protect those devices and the patients who rely on them. CIS is pleased to lead this collaborative effort to develop well-defined security baselines that can help further strengthen defenses against cyber attack.”

The first healthcare provider to join in this initiative is the Albany Medical Center, northeastern New York’s only academic health sciences center, incorporating the 651-bed Albany Medical Center Hospital. "The medical community leverages technology to deliver top quality healthcare, research and education to our vast constituency, and the security of that technology is crucial," George Hickman, executive vice president and CIO for Albany Medical Center and board chairman of the College of Healthcare Information Management Executives (CHIME), said in a statement. "I'm pleased to be a part of this collaborative effort to develop implementable guidance that will enhance the security of these devices."

Sponsored Recommendations

Harnessing the True Power of Cultural, Clinical and Operational Data

Optimize healthcare performance by combining clinical, operational, and cultural insights. A deeper understanding of team factors improves care and resource management.

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...