Center for Internet Security to Safeguard Internet-Enabled Medical Devices from Cyber Attacks | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Center for Internet Security to Safeguard Internet-Enabled Medical Devices from Cyber Attacks

August 21, 2013
by Rajiv Leventhal
| Reprints

The non-profit Center for Internet Security (CIS) has announced a new initiative to help bolster the protection of Internet-enabled medical devices from cyber attacks. CIS is working with medical device manufacturers, healthcare facilities, and cyber security experts to develop new security benchmarks.

The first benchmarks will be focused on insulin infusion pump technologies, with future benchmarks being developed for other medical devices on an ongoing basis.

CIS has issued a request for information (RFI) to U.S. medical device manufacturers to invite voluntary participation in the development of security control benchmarks for reducing cyber risk to medical devices. The first of their kind, these benchmarks will provide clear recommendations on how device manufacturers should securely configure medical devices. The benchmarks are intended to build upon the Food and Drug Administration's (FDA) draft "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” according to CIS.

Doctors and other healthcare providers are beginning to routinely access implanted medical devices (IMDs) such as insulin pumps, pacemakers, and defibrillators over the Internet. This process enables doctors to manage the device, and continuously monitor and even treat the patient remotely.

However, these cutting edge medical advantages come with risk. As indicated in recent safety notices issued by the FDA and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), hardcoded password vulnerabilities were found in approximately 300 medical devices. These findings make clear that the risks are real and much more needs to be done to improve cyber security within the medical device industry, said CIS.

"The technological advancements that enable healthcare providers to embed life-saving devices and treat patients remotely are tremendous,” William Pelgrin, CIS president and CEO, said in a statement. “We must do everything we can to protect those devices and the patients who rely on them. CIS is pleased to lead this collaborative effort to develop well-defined security baselines that can help further strengthen defenses against cyber attack.”

The first healthcare provider to join in this initiative is the Albany Medical Center, northeastern New York’s only academic health sciences center, incorporating the 651-bed Albany Medical Center Hospital. "The medical community leverages technology to deliver top quality healthcare, research and education to our vast constituency, and the security of that technology is crucial," George Hickman, executive vice president and CIO for Albany Medical Center and board chairman of the College of Healthcare Information Management Executives (CHIME), said in a statement. "I'm pleased to be a part of this collaborative effort to develop implementable guidance that will enhance the security of these devices."

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Personalized Medicine Awareness Low Among U.S. Adults, Survey Finds

Genetics and personalized medicine are not top of mind for the general public in the U.S., according to a recent survey from GenomeWeb and the Personalized Medicine Coalition.

Industry Organizations Praise Senate Passage of VA Mission Act

The U.S. Senate on Wednesday passed, by a vote of 92-5, a major Veterans Affairs (VA) reform bill that includes health IT-related provisions to improve health data exchange between VA healthcare providers and community care providers.

NIH Issues Funding Announcement for All of Us Genomic Research Program

The National Institutes of Health’s (NIH) “All of Us” Research Program has issued a funding announcement for genome centers to generate genotype and whole genome sequence data from participants’ biosamples.

MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).

Circulation, Buoy Health Collaborate on Integrated Platform for Patient Transportation

Boston-based startup Circulation Health, a ride-ordering exchange that coordinates medical transportation logistics using Lyft and other transportation partners, is partnering with Buoy Health, also based in Boston, to integrate their platforms to provide patients with an end-to-end healthcare experience.

HITRUST Provides NIST Cybersecurity Framework Certification

The Health Information Trust Alliance (HITRUST), security and privacy standards development and accreditation organization, announced this week a certification program for the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (Framework).