Center for Internet Security to Safeguard Internet-Enabled Medical Devices from Cyber Attacks | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Center for Internet Security to Safeguard Internet-Enabled Medical Devices from Cyber Attacks

August 21, 2013
by Rajiv Leventhal
| Reprints

The non-profit Center for Internet Security (CIS) has announced a new initiative to help bolster the protection of Internet-enabled medical devices from cyber attacks. CIS is working with medical device manufacturers, healthcare facilities, and cyber security experts to develop new security benchmarks.

The first benchmarks will be focused on insulin infusion pump technologies, with future benchmarks being developed for other medical devices on an ongoing basis.

CIS has issued a request for information (RFI) to U.S. medical device manufacturers to invite voluntary participation in the development of security control benchmarks for reducing cyber risk to medical devices. The first of their kind, these benchmarks will provide clear recommendations on how device manufacturers should securely configure medical devices. The benchmarks are intended to build upon the Food and Drug Administration's (FDA) draft "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” according to CIS.

Doctors and other healthcare providers are beginning to routinely access implanted medical devices (IMDs) such as insulin pumps, pacemakers, and defibrillators over the Internet. This process enables doctors to manage the device, and continuously monitor and even treat the patient remotely.

However, these cutting edge medical advantages come with risk. As indicated in recent safety notices issued by the FDA and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), hardcoded password vulnerabilities were found in approximately 300 medical devices. These findings make clear that the risks are real and much more needs to be done to improve cyber security within the medical device industry, said CIS.

"The technological advancements that enable healthcare providers to embed life-saving devices and treat patients remotely are tremendous,” William Pelgrin, CIS president and CEO, said in a statement. “We must do everything we can to protect those devices and the patients who rely on them. CIS is pleased to lead this collaborative effort to develop well-defined security baselines that can help further strengthen defenses against cyber attack.”

The first healthcare provider to join in this initiative is the Albany Medical Center, northeastern New York’s only academic health sciences center, incorporating the 651-bed Albany Medical Center Hospital. "The medical community leverages technology to deliver top quality healthcare, research and education to our vast constituency, and the security of that technology is crucial," George Hickman, executive vice president and CIO for Albany Medical Center and board chairman of the College of Healthcare Information Management Executives (CHIME), said in a statement. "I'm pleased to be a part of this collaborative effort to develop implementable guidance that will enhance the security of these devices."



Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.

AMIA Warns of Tax Bill’s Impact on Graduate School Programs in Informatics

Provisions in the Republican tax bill that would count graduate student tuition waivers as taxable income would have detrimental impacts on the viability of fields such as informatics, according to the American Medical Informatics Association.

Appalachia Project to Study Relationship Between Increased Broadband Access, Improved Cancer Care

The Federal Communications Commission and the National Cancer Institute have joined forces to focus on how increasing broadband access and adoption in rural areas can improve the lives of rural cancer patients.

Survey: By 2019, 60% of Medicare Revenues will be Tied to Risk

Medical groups and health systems that are members of AMGA (the American Medical Group Association) expect that nearly 60 percent of their revenues from Medicare will be from risk-based products by 2019, according to the results from a recent survey.