Medical Device Manufacturers, Consumers Can Take Control of Data Security to Halt Hackers

By Stuart Long, CEO of InfoBionic

In a world where personal identities and data can be swiped by a hacker from just about anywhere, healthcare data security must be a priority.

As more and more medical devices are connected to the internet, they become a prime target for hackers.

Wearable medical-grade devices, particularly those allowing doctors to collect data remotely via Bluetooth or wireless radiofrequency technology, have been a boon for consumers over the last 10 years. These devices have improved the lives of patients by giving them the flexibility to go about their normal routines while doctors receive the information. They are far less invasive and time consuming for those required to wear them.

However, those devices can be a goldmine for hackers. They include a wide array of personal identifying information, not to mention health and location information.

If a hacker successfully gains access to a device, they could modify or reprogram it, providing them a direct line to sensitive patient data.

  • As security concerns and the number of people and devices continues to grow, the statistics are mindboggling: Software and security issues were the cause of 45 million medical device recalls in 2018 alone.
  • The U.S. Food and Drug Administration (FDA) warned that some cardiac implants could be hacked from as far away as 20 feet.

With the medical device industry projected to balloon to a value of over $63 billion over the next five years, data integrity and security must be a top priority.

Despite some of the concerns and the growing number of security-driven device recalls, the FDA continues to urge consumers to wear these devices because of the benefits they afford.

In light of that support and the proven benefits to consumers, it is critical that the industry take responsibility for its part in securing data and information.

Device manufacturers themselves are the first line of defense in protecting their customers’ data.

This means that as wearable devices become more ubiquitous, the technology within the devices must modernize as well. With that in mind, manufacturers must remain vigilant in keeping up to date with trends and hackers and provide timely software updates directly to their customers.

At InfoBionic, for example, we have been working to set industry best standards with our MoMe Kardia platform, which meets the highest levels of security and privacy. The platform’s infrastructure is hosted in a HITRUST CSF Certified environment and is HIPAA Compliant with external auditing. Available SOC2 Level 2 Reporting is completed annually. To meet the NIST Cybersecurity framework for encryption, MoMe Kardia is FIPS 140-2 compliant.

So, what does that all mean? In layman’s terms: InfoBionic follows HIPAA and HITECH regulations as set forth by U.S. Health and Human Services.—and our adherence to HIPAA requirements means that all data on our servers is encrypted when it is at rest or in transit. Our MoMe® Kardia securely sends detailed data directly to doctors’ mobile devices in real time, enabling rapid diagnosis and intervention in patients with cardiac problems.

Device manufacturers also need to take consumer education seriously, because consumers play a key role in keeping their data safe. Manufacturers and physicians must work together to ensure that consumers only use devices obtained directly from the manufacturer. It’s just as crucial to educate consumers on the importance and ease of updating the device’s software, as this will help keep their data away from potential hackers.

We, as an industry, need to ensure that we are doing our part by implementing best practices when it comes to data integrity and security. From the time of development to the time it is handed off to the consumer, we must always keep their data security and privacy in mind.  

Wearable and remote monitoring devices will continue to increase exponentially in the next few years. As healthcare moves further into the home with the use of medical devices, internet connectivity is essential—creating new hacking threats. We need to emphasize the security of these important medical advancements while still maximizing clinical functionality.

About the Author

Stuart Long

Stuart Long is the CEO of InfoBionic, the manufacturer of the MoMe® Kardia.

He has more than two decades of experience in both the clinical and business aspects of healthcare information and technology.