Digital transformation has taken all industries by storm and the medical device industry is no exception. In this new digital health tech world, MedTech companies are developing more connected devices than ever before. Connected medical devices benefit patients and providers alike. However, the increase in connected devices also increases the need for cybersecurity in the industry. More connected medical devices have increased the risk that hackers will access confidential data or gain the ability to modify technologies in ways that put patients at risk.
The Internet of Medical Things (IoMT) has enabled medical devices to transmit data and physicians to remotely adjust settings to tailor treatments. Connected medical devices benefit patients and providers alike, the growing number of these devices also led to heightened cybersecurity concerns. This is shown by a steady stream of reports of vulnerabilities that could allow hackers to access personal health data and interfere with treatments.
A report done by BD shows that sophisticated cyber threats targeting the healthcare sector are on the rise. Ransomware, phishing, and software vulnerabilities are among the biggest challenges facing MedTech manufacturers, hospitals, labs, pharmacies, and now patients’ homes as well.
Medical device cybersecurity is getting more attention than ever before. It’s no surprise with medical devices becoming more and more connected and software-driven, the risk of cybersecurity risk evolves due to new vulnerabilities, complex supply chains, new suppliers, and new product lines. Research done by Cybellum shows that only 33% of participants are 100% confident in their ability to handle and mitigate a cyber-attack.
According to the above-mentioned research, almost 90% of asked security experts admitted that they need to improve on key areas, such as SBOM analysis and compliance readiness, and around 50% of the participants increased their cybersecurity budget by more than 25% in 2022.
In December 2022, the US government passed the Omnibus Bill. This bill grants new powers to the FDA, allowing them to double down on medical device product security and turn previous guidelines into new regulations. The implementation date is set to October 1, 2023. After the 1st of October medical device manufacturers will be expected to demonstrate that their devices will remain cyber secure throughout their entire lifespan.
The Omnibus Bill requires Medical Device OEMs to submit a Software Bill of Material (SBOM) and to use SBOMs to coordinate post-market product cybersecurity efforts. This legislation applies to all products (including legacy) with software-defined components and is meant to replace the FDA’s proposed medical device cybersecurity requirements (taken from the PATCH Act).
Hanna Taller is a content creator for PTC’s ALM Marketing team. She is responsible for increasing brand awareness and driving thought leadership for Codebeamer. Hanna is passionate about creating insightful content centered around ALM, life sciences, automotive technology, and avionics.