Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
Review
. 2015 Jul 20:8:305-16.
doi: 10.2147/MDER.S50048. eCollection 2015.

Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem

Patricia Ah Williams  1 Andrew J Woodward  1
Affiliations
Review

Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem

Patricia Ah Williams et al. Med Devices (Auckl). .

Abstract

The increased connectivity to existing computer networks has exposed medical devices to cybersecurity vulnerabilities from which they were previously shielded. For the prevention of cybersecurity incidents, it is important to recognize the complexity of the operational environment as well as to catalog the technical vulnerabilities. Cybersecurity protection is not just a technical issue; it is a richer and more intricate problem to solve. A review of the factors that contribute to such a potentially insecure environment, together with the identification of the vulnerabilities, is important for understanding why these vulnerabilities persist and what the solution space should look like. This multifaceted problem must be viewed from a systemic perspective if adequate protection is to be put in place and patient safety concerns addressed. This requires technical controls, governance, resilience measures, consolidated reporting, context expertise, regulation, and standards. It is evident that a coordinated, proactive approach to address this complex challenge is essential. In the interim, patient safety is under threat.

Keywords: cybersecurity; medical devices; risk; safety; security; wireless.

PubMed Disclaimer

References

    1. Craigen D, Diakun-Thibault N, Purse R. Defining Cybersecurity. Technology Innovation Management Review. 2014;4(10):13–21.
    1. Critical Infrastructure Protection . Cybersecurity and Critical Infrastructure Protection. Lewis JA: 2006. [Accessed June 9, 2015]. Available from: http://cip.management.dal.ca/publications/Cybersecurity%20and%20Critical....
    1. SANS Institute . Health Care Cyberthreat Report: Widespread Compromises Detected, Compliance Nightmare on Horizon. Filkins B: 2014. [Accessed June 9, 2015]. Available from: http://www.sans.org/reading-room/whitepapers/firewalls/health-care-cyber....
    1. US Food Drug Administration . Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. US Food and Drug Administration; 2014. [Accessed June 9, 2015]. Available from: http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/....
    1. US Food Drug Administration . FDASIA Health IT Report: Proposed Strategy and Recommendations for a Risk-Based Framework. FDA, FC, ONC; 2014. [Accessed June 9, 2015]. Available from: http://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedicalProd....

LinkOut - more resources