The University of Minnesota Launches New Center for Medical Device Cybersecurity in Response to Growing Internet-Connected Threats
Earlier this month, the University of Minnesota announced that it would be launching its new Center for Medical Device Cybersecurity (CMDC). This comes, after several requests from members of the medical device manufacturing industry to create such a collective for purposes of discovery, outreach, and workforce training in the emerging devices security field.
The CMDC is funded by five of the United States’ leading health industry companies such as Boston Scientific, Smiths Medical, Optum, Medtronic, and Abbott Laboratories. The University of Minnesota says that over the next two years, additional members will be actively recruited.
The CMDC will focus its efforts on the growing number of cybersecurity threats, hoping to bridge the gap among universities, industries, and government collaborations to ensure the safety and security of medical devices.
In 2021, medical devices such as drug infusion pumps, pacemakers, and monitors serve as one of the top five cybersecurity threats, according to the U.S. Department of Health and Human Services, with the FDA pushing for stronger cybersecurity measures.
But with technologies like smartwatches that can now diagnose heart problems or calculate patient blood pressure through app-connected hubs present a new form of security concerns for the medical community and consumers who are now subject to more sophisticated ransomware attacks.
Ransomware attacks are the perfect threat for targeting medical devices whose functionality is based upon a single point of connectivity. Once ransomware takes over the command server for the devices, it’s game over, causing any and all connected devices to immediately stop functioning, proving fatal to patients whose lives depend on that functionality.
While it’s unclear how many people, if any, have been injured by a hacked medical device, the FDA has warned medical providers of software vulnerabilities in these devices for years.
According to a securities technologies expert at the University of Minnesota, there hasn’t been a high-profile case of a patient being killed or seriously harmed, but like most anticipated cybersecurity threats, it’s not a question of if but when.
Ensuring cybersecurity for today’s latest medical devices is crucial in maintaining consumer trust in health care companies, especially when it comes to consumer laws like HIPAA.
The CMDC will reside within the Technological Leadership Institute (TLI), an interdisciplinary center within the College of Science and Engineering with a mission of developing local and global leaders with technology-intensive industries.
With manufacturers confident that these devices will eventually end up inside a patient or inside their home, manufacturers need to have stronger security mechanisms in place to protect the medical devices that are reliant upon private and publicly secured networks.