Center for Internet Security to Safeguard Internet-Enabled Medical Devices from Cyber Attacks | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Center for Internet Security to Safeguard Internet-Enabled Medical Devices from Cyber Attacks

August 21, 2013
by Rajiv Leventhal
| Reprints

The non-profit Center for Internet Security (CIS) has announced a new initiative to help bolster the protection of Internet-enabled medical devices from cyber attacks. CIS is working with medical device manufacturers, healthcare facilities, and cyber security experts to develop new security benchmarks.

The first benchmarks will be focused on insulin infusion pump technologies, with future benchmarks being developed for other medical devices on an ongoing basis.

CIS has issued a request for information (RFI) to U.S. medical device manufacturers to invite voluntary participation in the development of security control benchmarks for reducing cyber risk to medical devices. The first of their kind, these benchmarks will provide clear recommendations on how device manufacturers should securely configure medical devices. The benchmarks are intended to build upon the Food and Drug Administration's (FDA) draft "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” according to CIS.

Doctors and other healthcare providers are beginning to routinely access implanted medical devices (IMDs) such as insulin pumps, pacemakers, and defibrillators over the Internet. This process enables doctors to manage the device, and continuously monitor and even treat the patient remotely.

However, these cutting edge medical advantages come with risk. As indicated in recent safety notices issued by the FDA and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), hardcoded password vulnerabilities were found in approximately 300 medical devices. These findings make clear that the risks are real and much more needs to be done to improve cyber security within the medical device industry, said CIS.

"The technological advancements that enable healthcare providers to embed life-saving devices and treat patients remotely are tremendous,” William Pelgrin, CIS president and CEO, said in a statement. “We must do everything we can to protect those devices and the patients who rely on them. CIS is pleased to lead this collaborative effort to develop well-defined security baselines that can help further strengthen defenses against cyber attack.”

The first healthcare provider to join in this initiative is the Albany Medical Center, northeastern New York’s only academic health sciences center, incorporating the 651-bed Albany Medical Center Hospital. "The medical community leverages technology to deliver top quality healthcare, research and education to our vast constituency, and the security of that technology is crucial," George Hickman, executive vice president and CIO for Albany Medical Center and board chairman of the College of Healthcare Information Management Executives (CHIME), said in a statement. "I'm pleased to be a part of this collaborative effort to develop implementable guidance that will enhance the security of these devices."



NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.

AMIA, Pew Urge Congress to Ensure ONC has Funding to Implement Cures Provisions

The Pew Charitable Trusts and the American Medical Informatics Association (AMIA) have sent a letter to congressional appropriators urging them to ensure that ONC has adequate funding to implement certain 21st Century Cures Act provisions.

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.