The FDA has not seen any evidence of any cyberattack on an in-use medical device but knows they might be "impacted". Laboratory testing has shown the ability to hack medical devices. According to United Press International, the FDA has issued five product-specific safety communications since 2015 on cybersecurity vulnerabilities. The problems were found in Abbott's implantable cardiac devices and implantable cardiac pacemakers, Merlin's home transmitter of implanted cardiac devices, and Hospira's and Symbiq's infusion systems.
Commissioner Scott Gottlieb, M.D. announced the release of a cybersecurity “playbook” to assist health care delivery organizations, as well as the signing of two memoranda of understanding to promote information sharing, preparedness, and response around cybersecurity risks. The book was prepared by MITRE Corporation for the FDA. The full title is “Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook.” The MOUs cover plans for the sharing and distribution of information about threats. The Department of Homeland Security is one agency that shares information with the FDA and performs simulations and post-event reviews that assist the FDA.
Part of the playbook presents exercises to help staff recognize a cyberattack in an emergency. Learning what actions to take during the cyberattack is the goal after recognition.
MediMizer Software helps the HTM community by offering full IT/HIPAA/Cybersecurity documentation for the patient equipment.
