The interconnectivity of diagnostic technology is revolutionizing healthcare – but also introducing significant risk. Here’s what you need to know about diagnostic device development in the era of cybersecurity regulations.
In July 2019, a mother gave birth to her daughter while the hospital’s internal computer network was down due to a ransomware attack. Her daughter was born with her umbilical cord wrapped around her neck – a condition that caused severe brain damage, and sadly, her eventual death nine months later.
According to reports, the heart rate monitor in the room registered signs of the fetus’s distress, but since the hospital computer network was down, the hospital staff were not notified of these warning signs.
Following the delivery, the attending obstetrician obtained the readout from the patient’s room and texted the nurse manager to say she would have performed a Caesarean section had she seen the results sooner.
This was the first case of an alleged death resulting from a ransomware attack on a hospital.
Without a doubt, the interconnectivity of diagnostic devices to both hospital information systems and the cloud brings tremendous opportunities for improved patient outcomes. However, with this opportunity comes a responsibility for device manufacturers and healthcare providers to protect against cybersecurity incidents. With greater connectivity, the potential impact and scale grows in magnitude. The connected diagnostic device of today is part of a larger ecosystem, with implications that reach beyond a single device to hospital-wide, and even worldwide.
The industry is taking notice. Regulatory bodies are rapidly developing processes to address the increased risk and frequency of sophisticated cyber-attacks, especially as medical industries, devices and patient welfare are increasingly being targeted. And hospitals and other health care organizations (HCOs) want assurance that devices comply with all regulations and cybersecurity best-practices.
Cybersecurity has become a priority diagnostic device product development consideration, just like traditional considerations such as reliability, feature set and cost.