Clinicians now have a peer-reviewed guide from a medical journal on how to evaluate when a medical device security problem translates into a clinical risk.
There's been a lot of confusion on risk management for pacemaker and defibrillator security because of the difficulty in explaining medical device security in the context of patient safety and risk management. We are pleased to announce our latest publication on the science and engineering to assess risks of medical device security. Led by Virta Labs, the peer-reviewed paper published in Pacing and Clinical Electrophysiology (PACE) is co-authored by researchers (including four PhDs and two MDs) with backgrounds in electrical engineering, computer science, IT security, and electrophysiology from Virta Laboratories, Beth Israel Deaconess Medical Center, the Mayo Clinic, Zhejiang University, the University of South Carolina, and the University of Michigan Health System.
Our manuscript may be downloaded directly from the publisher.
Cybersecurity and medical devices: A Practical guide for cardiac electrophysiologists
in Pacing and Clinical Electrophysiology (PACE)
Benjamin Ransford, PhD*1
Daniel B. Kramer, MD, MPH*2
Denis Foo Kune, PhD*1
Julio Auto de Medeiros*3
Wenyuan Xu, PhD*5
Thomas Crawford, MD*6
Kevin Fu, PhD*1
1 Virta Laboratories, Inc., Ann Arbor, MI
2 Richard A. and Susan F. Smith Center for Outcomes Research in Cardiology, Division of Cardiology, Beth Israel Deaconess Medical Center, Boston, MA
3 Office of Information Security, Mayo Clinic, Rochester, MN
4 Zhejiang University, Hangzhou, China
5 Department of Computer Science & Engineering, University of South Carolina, Columbia, SC
6 Department of Internal Medicine, Frankel Cardiovascular Center, University of Michigan Health System, Ann Arbor, MI
Abstract: Medical devices increasingly depend on software. While this expands the ability of devices to perform key therapeutic and diagnostic functions, reliance on software inevitably causes exposure to hazards of security vulnerabilities. This article uses a recent high-profile case example to outline a proactive approach to security awareness that incorporates a scientific, risk-based analysis of security concerns that supports ongoing discussions with patients about their medical devices.
Security of Medical Device Inventory: Stop Making Motions. Start Taking Action.
At Virta Labs, healthcare safety is our number one priority. But we live and breathe cybersecurity as a means to achieve high availability and integrity of healthcare delivery. That's why hospitals trust us.