As a Blogger, I use the internet a lot to research, share and stay connected to the people and products I love. There is no doubt that the Internet helps to take me across the world and pretty much anywhere I want to be just through the click of the mouse. I appreciate having so much information at my fingertips and though I love the library, the internet would be my first choice for getting my work done more efficiently every time. That is the reason I was so alarmed when I read about the Cybersecurity scare that puts patients and the Healthcare System at risk, as a whole. According to information shared by the Office of Inspector General, the connectivity that is making it easier for Healthcare Professionals to communicate and be informed about their patients conditions, is the very thing creating vulnerability. Various Networked Medical Devices in particular were highlighted as being at risk. Oh My God, have the Hackers won?

Apparently not. The FDA seems to have a through review process in place, one with the right checks and balances to encourage manufacturers to avoid being vague when describing a devices risk factors for Cybersecurity Threats. As an Insurance Agent, I am required to recertify every year, training on the Medicare Basics and Plan Specific information for the plans offered by Insurers on and off the Marketplace. The training includes being able to recognize FWA (Fraud, Waste and Abuse) which may happen in the Healthcare Industry. Whether a violation for over billing or something as simple as unnecessary test being ordered by Physicians, these violations put consumers at risk. I have to be able to identify (violations), protect (report violations and compliance issues), prevent (be in compliance).

When I am collecting information, I have to disclose and document properly), performing in such a way to honor the position of trust I have been entrusted to serve in. The FDA recommends a similar process for manufacturers who intend to submit devices for approval which will be used on patients and by patients. Below are the five areas to consider before submitting products for review and approval, along with explanations shared in the Report issued by The Office of Inspector General.

  1. Identify.  Identify the networked medical device’s intended use, use environment, type of connectivity, cybersecurity vulnerabilities, likelihood of threat, and probable risk of harm. 
  2.  Protect. Protect the networked medical device using appropriate security controls. 
  3.  Detect. Implement features that allow for cybersecurity threats to be detected, recognized, and logged. 
  4.  Respond. Develop a response plan that end users can use and implement features that will protect a device’s critical function in the case of a cybersecurity attack. 
  5. Recover. Provide methods for retaining and recovering control of a device.

    The FDA has policies and procedures in place to ensure that the review process holds manufacturers accountable for the devices they intend to provide for use in our Healthcare System. Read the full report here. That’s all. Kudo’s...