Hackers not only target healthcare computer networks, they increasingly try to hack into sophisticated medical devices. Just as smart refrigerators and thermostats are often overlooked as cybersecurity vulnerabilities, medical devices don't always get the security attention they need.
This week, the Food and Drug Administration (FDA) and the Department of Homeland Security (DHS) agreed to work more closely together to enhance medical device security.
FDA Commissioner Dr. Scott Gottlieb says a growing number of medical devices actually connect to hospital networks, providing a backdoor for hackers if the devices aren't secure.
"The FDA has been proactive in developing a robust program to address medical device cybersecurity concerns," Gottlieb said. "But we also know that securing medical devices from cybersecurity threats cannot be achieved by one government agency alone.”
Sharing information on threats
Gottlieb says that's the reason the two very different agencies, with very different roles, are joining forces. Under the partnership, the two agencies will share information and collaborate on security measures.
“This agreement demonstrates our commitment to confronting cybersecurity risks and the unscrupulous cybercriminals who may seek to put patient lives at risk," he said.
Hackers sometimes target hospital and medical office computer networks in order to steal sensitive information about patients. In recent years, however, they've also launched ransomware attacks on these networks, locking up files until the hospital or medical practice pays a ransom in Bitcoin.
Partnership to protect the public
Christopher Krebs, Undersecretary for the National Protection and Programs Directorate at DHS, sees the partnership with the FDA as part of its role in protecting the public.
"DHS has some of the top experts on control systems technology, and we look forward to continuing to leverage this expertise for the sake of improving the lives and safety of people across the country,” Krebs said.
This isn't the first time that DHS and FDA have worked together. The two agencies have worked to discover and report vulnerabilities in medical devices. The disclosures are passed along to device manufacturers who can then modify their products to reduce or neutralize the threats.