Skip to content Skip to navigation

Center for Internet Security to Safeguard Internet-Enabled Medical Devices from Cyber Attacks

August 21, 2013
by Rajiv Leventhal
| Reprints

The non-profit Center for Internet Security (CIS) has announced a new initiative to help bolster the protection of Internet-enabled medical devices from cyber attacks. CIS is working with medical device manufacturers, healthcare facilities, and cyber security experts to develop new security benchmarks.

The first benchmarks will be focused on insulin infusion pump technologies, with future benchmarks being developed for other medical devices on an ongoing basis.

CIS has issued a request for information (RFI) to U.S. medical device manufacturers to invite voluntary participation in the development of security control benchmarks for reducing cyber risk to medical devices. The first of their kind, these benchmarks will provide clear recommendations on how device manufacturers should securely configure medical devices. The benchmarks are intended to build upon the Food and Drug Administration's (FDA) draft "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” according to CIS.

Doctors and other healthcare providers are beginning to routinely access implanted medical devices (IMDs) such as insulin pumps, pacemakers, and defibrillators over the Internet. This process enables doctors to manage the device, and continuously monitor and even treat the patient remotely.

However, these cutting edge medical advantages come with risk. As indicated in recent safety notices issued by the FDA and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), hardcoded password vulnerabilities were found in approximately 300 medical devices. These findings make clear that the risks are real and much more needs to be done to improve cyber security within the medical device industry, said CIS.

"The technological advancements that enable healthcare providers to embed life-saving devices and treat patients remotely are tremendous,” William Pelgrin, CIS president and CEO, said in a statement. “We must do everything we can to protect those devices and the patients who rely on them. CIS is pleased to lead this collaborative effort to develop well-defined security baselines that can help further strengthen defenses against cyber attack.”

The first healthcare provider to join in this initiative is the Albany Medical Center, northeastern New York’s only academic health sciences center, incorporating the 651-bed Albany Medical Center Hospital. "The medical community leverages technology to deliver top quality healthcare, research and education to our vast constituency, and the security of that technology is crucial," George Hickman, executive vice president and CIO for Albany Medical Center and board chairman of the College of Healthcare Information Management Executives (CHIME), said in a statement. "I'm pleased to be a part of this collaborative effort to develop implementable guidance that will enhance the security of these devices."



CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.