Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • My Account
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Data/Lists
    • Rankings/Lists
    • Interactive Databases
    • Data Points
  • Op-Ed
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Awards
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
    • Women in Healthcare
    • - Luminaries
    • - Top 25 Diversity Leaders
    • - Leaders to Watch
    • - Luminaries
    • - Top 25 Women Leaders
    • - Women to Watch
  • Events
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Custom Media Event: ESG Summit
    • Transformation Summit
    • Women Leaders in Healthcare Conference
    • Social Determinants of Health Symposium
    • Leadership Symposium
    • Health Care Hall of Fame Gala
    • Top 25 Women Leaders Gala
    • Best Places to Work Awards Gala
    • Top 25 Diversity Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain Revenue Cycle
    • - Hospital at Home
    • - Workplace of the Future
    • - Strategic Marketing
    • - Virtual Health
  • Listen
    • Podcast - Next Up
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • MORE +
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Technology
September 01, 2017 01:00 AM

Abbott recall signals new era in medical-device cybersecurity

Rachel Z. Arndt
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    The FDA's recall of 465,000 Abbott Laboratories pacemakers earlier this week alerted medical-device makers that they increasingly need to be prepared to issue security updates and take cybersecurity issues more seriously.

    The agency recalled the devices Tuesday, saying the cardiac pacemakers made by Abbott (formerly St. Jude Medical) required firmware updates to correct vulnerabilities that leave the devices open to hackers. Rather than removing the devices, patients and physicians can install the update at a medical facility, but not remotely.

    Cybersecurity issues in medical devices are now a point of concern for devicemakers and the FDA, according to Mac McMillan, CEO and co-founder of the privacy and cybersecurity consulting firm Cynergistek.

    Given the added attention from regulators, devicemakers will have to be more proactive about developing and releasing updates.

    "If devicemakers didn't already have developers sitting around looking at cybersecurity, they now have to incur the costs of making sure their devices stay current," McMillan said. "In the past, they've developed devices and put them on the market and moved onto the next device. This is a new thing for them."

    The vulnerabilities were first discovered last year, after cybersecurity firm Medsec Holdings informed the investment firm Muddy Waters Capital about the issue. In January, St. Jude Medical, which was acquired by Abbott in January 2016, released a patch for a different set of cybersecurity problems.

    The medical device industry can learn some lessons from consumer tech companies, which actively push updates before problems even become public.

    "When Apple releases an iPhone update that includes security updates, everyone applauds Apple," said Mike Kijewski, CEO of Medcrypt. "If you have a device and a vendor never does a cybersecurity software update for it, it doesn't mean they're great at cybersecurity—it means they're not taking cybersecurity seriously."

    Companies that don't shift their cybersecurity approach will take a hit, said Stephanie Domas, lead security engineer for Battelle's DeviceSecure services. "Manufacturers that are not taking cybersecurity as seriously as they should will realize that this is something that causes business impact."

    As devicemakers transition into a new cybersecurity model, some may be more proactive and announce updates before FDA mandates, Kijewski said. But those changes likely won't occur until Abbott's recall shakes out.

    If Abbott feels a huge backlash from patients, providers and investors, other devicemakers may hold off on issuing updates, Kijewski said. If the updates aren't weighed down by FDA requirements, devicemakers could act quicker.

    The FDA could encourage proactivity by easing regulations, Kijewski said. "If the FDA can say you're just doing the update for cybersecurity and the changes are minimal and the functionality of the device isn't changing, they can make the update happen faster," he said, which will be cheaper for the vendor. "I expect you'll see in the next 90 days one device vendor releasing something about a device update," he said.

    But getting updates installed and determining who is responsible for installing the upgrade is another issue, Domas said. In the case of Abbott's pacemakers, it's on physicians, since in the advisory the company released it recommended physicians "determine if the update is appropriate given the risk of update for the patient."

    "That seems insane to me," she said. "A physician does not know cybersecurity. How can we be asking physicians to make that decision?"

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    google_sized_getty_i.jpg
    Democrats ask Google to protect abortion-patient privacy
    Cue Health COVID test
    High-tech’s business model hasn’t worked for the Cue COVID test
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2022. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Data/Lists
      • Rankings/Lists
      • Interactive Databases
      • Data Points
    • Op-Ed
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Awards
      • Nominate/Eligibility
      • 100 Most Influential People
      • 50 Most Influential Clinical Executives
      • Best Places to Work in Healthcare
      • Excellence in Governance
      • Health Care Hall of Fame
      • Healthcare Marketing Impact Awards
      • Top 25 Emerging Leaders
      • Top 25 Innovators
      • Diversity in Healthcare
        • - Luminaries
        • - Top 25 Diversity Leaders
        • - Leaders to Watch
      • Women in Healthcare
        • - Luminaries
        • - Top 25 Women Leaders
        • - Women to Watch
    • Events
      • Conferences
        • Transformation Summit
        • Women Leaders in Healthcare Conference
        • Social Determinants of Health Symposium
        • Leadership Symposium
      • Galas
        • Health Care Hall of Fame Gala
        • Top 25 Women Leaders Gala
        • Best Places to Work Awards Gala
        • Top 25 Diversity Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain Revenue Cycle
        • - Hospital at Home
        • - Workplace of the Future
        • - Strategic Marketing
        • - Virtual Health
      • Webinars
      • Custom Media Event: ESG Summit
    • Listen
      • Podcast - Next Up
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • MORE +
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing