The manufacturers are the only ones who can change the design space — and they've now received notice from the FDA about the importance of cybersecurity at that early design phase.

The hospitals, on the other hand, have been given the advice that they need to start reporting. If you don't report, there is no way for regulators to make risk-based decisions — the statistics will be much more meaningful that way.


DMBN: But medical device malfunctions are universally underreported right now, right?

KF: Yes, that's true. But if you look in the FDA databases as of a year ago they have zero security reports — even though if you go to any hospital and you ask the head of IT they will tell you about the malware getting into their devices. It simply was not reaching the desks of the people able to evaluate the risks at the national level.

DMBN: In an ideal world, how do you think devices will be secured by cyber attacks in the future?

KF: I have a 164 year research plan to solve this, I kid you not! One hundred and sixty-five years ago Ignatius Semmelweis suggested that physicians should wash their hands when working with patients to avoid mortality and morbidity. People thought it was heresy. How dare you question the cleanliness of a physician's hands! And we still have hand-washing problems today.

So I don't think the cybersecurity question is going away any time soon, but I'm optimistic that the best way of solving these problems is being upfront about the vulnerabilities in the early design stages.

In the long term, I see cybersecurity as a real enabler to give manufacturers, hospitals and patients the confidence to treat diseases that today we consider not treatable.

Back to HCB News

More Industry Headlines